Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2008
New DoS Attack Is a Killer
Commentary  |  9/30/2008  | 
Things are a-brewin' in Sweden. Sweden is not just home of the infamous bikini team, it is also the home of Outpost 24, an equally sexy software-as-a-service network scanning service, and the employer of my friend Robert E. Lee and his colleague Jack C. Louis. These guys are the inventors of UnicornScan, a user-land TCP stack turned into a port scanner. Never heard of it? Use Nmap exclusively? Well if you run Linux, I suggest checking
Study: Routine Misbehavior by End Users Can Lead to Major Data Leaks
News  |  9/30/2008  | 
Many end users don't understand the risks associated with breaking company security policies, report says
Attackers Mix Online, Offline Exploits to Mask Financial Fraud
News  |  9/30/2008  | 
Cybercriminals split the attack cycle into pieces that may appear unrelated in order to evade detection
Microsoft, Washington State Launch Legal Assault On Scareware
News  |  9/29/2008  | 
The lawsuit against Registry Cleaner XP is trying to halt pop-up ads that look like Windows system messages and falsely claim that a critical system error has occurred.
CSRF Flaws Found on Major Websites
News  |  9/29/2008  | 
Princeton University researchers reveal four sites with cross-site request forgery flaws and unveil tools to protect against these attacks
Yahoo! Japan Auctions Compromised, Report Says
News  |  9/29/2008  | 
Thieves may have accessed Web auction site as many as 1.5 million times since May
Theft at RAF Facility Endangers Personal Data of 50,000
Quick Hits  |  9/29/2008  | 
Data on British air force hard drives wasn't encrypted; old facility 'wasn't that secure,' reports say
'Clickjacking' Attack Prompts Warning To Disable Browser Plug-Ins
News  |  9/26/2008  | 
The flaw affects Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, and Opera and could trick a user into clicking on content from another page.
Portrait Of A Computer Forensic Examiner
News  |  9/26/2008  | 
While data can be recovered from any computer, expert Ives Potrafka believes that corporate IT departments have far less control over what happens on PCs used for work.
Adobe PDF Reader Vulnerable, U.S. CERT Warns
News  |  9/26/2008  | 
The government's standard precautionary advice: Don't open files from sources you don't trust, and keep your antivirus software and patches up to date.
Survey: Virtually No Security in Enterprises' Virtual Systems
Quick Hits  |  9/26/2008  | 
Enterprise survey shows few companies have secured their virtual environments
New ID Theft Service Crawls the Web on Consumers' Behalf
News  |  9/26/2008  | 
For $15, Affinion penetrates hacker chat rooms and warns users when their data is for sale
Tiger Team Member Attacks Developers, Not Apps
News  |  9/25/2008  | 
Expert shows how he can get into a Web app without touching the application itself
Sarah Palin E-Mail Hacking Grand Jury Returns No Indictment
News  |  9/24/2008  | 
A Tennessee Democratic state representative's son was linked last week to involvement in the breach of the Republican vice presidential candidate's Yahoo Mail account.
Shadowserver to Build 'Sinkhole' Server to Find Errant Bots
News  |  9/24/2008  | 
New initiative will emulate IRC, HTTP botnet traffic
Many PC Users Remain Unaware of Security, Privacy
Quick Hits  |  9/24/2008  | 
More than a tenth of users don't know whether they have an antivirus, firewall; majority don't know what privacy settings they're using
For US Enterprises, Computer Crime Starts at Home
News  |  9/23/2008  | 
Despite perceptions about overseas hackers, attacks increasingly emanate from domestic sources, studies say
Phony Pop-Up Warning Messages Dupe Most Users
News  |  9/23/2008  | 
New research from NC State University shows how even savvy users fall for malicious system error messages
Man Indicted for Hacking & Blackmailing Luxury Automaker
Quick Hits  |  9/23/2008  | 
Sixty-year-old hacker threatened Maserati North America with exposing his theft of customer data from carmaker's Website
'Profiler' Hacks Global Hacker Culture
News  |  9/23/2008  | 
Former notorious Italian hacker releases initial results of research identifying different types of hackers and their behaviors on and offline
US-Based Malware Network Shuts Down
News  |  9/22/2008  | 
Network that served large numbers of hackers is no longer in service, observers say
Employees Still Flouting Security Policies, Study Says
Quick Hits  |  9/22/2008  | 
Three in 10 enterprises say their business' security is being compromised by personal use of corporate systems
Only 35% Of Oracle Users Continuously Monitor For Suspicious Activity
News  |  9/19/2008  | 
A recent Unisphere survey found 20% of respondents anticipated some kind of data security breach over the coming year.
Sarah Palin E-Mail Hacker Tied To Tennessee Democrat
News  |  9/19/2008  | 
Department of Justice investigators have declined to comment on the status of the Palin e-mail investigation.
Experts: US Is Not Prepared to Handle Cyber Attacks
News  |  9/19/2008  | 
In Congressional testimony, authorities on cyber defense say neither government agencies nor private companies are ready for what may come
Research: Porn Is Losing Its Steam
Quick Hits  |  9/19/2008  | 
Separate reports both say lurid material no longer rules Web traffic trends
Porn Operators Hijack Pages on AARP Website
News  |  9/18/2008  | 
Multi-pronged attack shows weakness in custom content management systems, researcher says
Palin's 'Hacker' Tells How He Did It
Quick Hits  |  9/18/2008  | 
Hacker claiming to have broken into Republican VP candidate Sarah Palin's Yahoo email account reportedly used low-tech research and a little social engineering
Hacking Tool Lets You Target Your Own End Users
News  |  9/18/2008  | 
New open-source attack platform that performs email-based Web attacks debuts next week at OWASP conference
Zero-Day Exploit Code For Apple iTunes, QuickTime Posted
News  |  9/17/2008  | 
The vulnerability in Apple's newly patched software is said to crash any browser with the QuickTime plug-in.
Free 'Trojan-Proof' Password Tool Released for Windows
News  |  9/17/2008  | 
Beta virtual keyboard software aims to ward off password-sniffing Trojans, malware
Antivirus Vendors Push Toward Cloud Computing
News  |  9/17/2008  | 
Key elements of software now being delivered on a software-as-a-service basis
House Passes Identity Theft & Restitution Act
Quick Hits  |  9/17/2008  | 
Senate to consider bill that addresses data theft, use of keyloggers and spyware
Microsoft to Share Its Secure Development Blueprint, Threat Modeling Tool
Quick Hits  |  9/16/2008  | 
Customers, third-party developers can use Microsoft's model for writing more secure software - for free
Disclosure of Major New Web 'Clickjacking' Threat Gets Deferred
News  |  9/16/2008  | 
Web security researchers bow to Adobe request for time to patch before releasing proof of concept of newly discovered, massive 'clickjacking' attack
DHS Report Says Leave Laptops At Home
News  |  9/15/2008  | 
The federal agency said anyone who brings their computer or cell phone out of the country is risking privacy and data security violations.
Hackers Deface CERN's 'Big Bang' Particle Accelerator Site
News  |  9/15/2008  | 
As scientists began testing CERN's Large Hadron Collider last week, hackers made a mockery of the European lab's network security.
Snort Turns 10, Sourcefire Goes Virtual
News  |  9/15/2008  | 
IDS/IPS vendor joins the ranks of VMware partners, gears up for commercial rollout of next-generation Snort
Lost Computer Exposes Data of 22,000 at Intuit
Quick Hits  |  9/15/2008  | 
Software company's loss was one of many resulting from burglary at HR outsourcing firm
Report: Unauthorized Apps Run Rampant on Many Enterprise Networks
News  |  9/15/2008  | 
Detailed analysis of traffic on 60 enterprise networks finds broad usage of software that isn't sanctioned by IT
Study: Hotel Networks Put Corporate Users at Risk
News  |  9/12/2008  | 
The Center for Hospitality Research's survey and hack confirms worries of weak security on hotel networks
CookieMonster Can Steal HTTPS Cookies
News  |  9/11/2008  | 
The Python-based tool actively gathers insecure SSL information and records that as well as normal HTTP cookies to Firefox-compatible cookie files.
Enterprises Struggle to Identify Sources of Risk
News  |  9/11/2008  | 
Security remains top priority, but businesses wrestle with business case, BT study says
New 'On/Off Switch' Protects RFID Cards From Hacks
News  |  9/11/2008  | 
Technology would let cardholders activate RFID transmission only when card goes through a reader
Online Death Certificates Dropped Amid ID Theft Fears
Quick Hits  |  9/11/2008  | 
Large Arizona county no longer posts public-record death certificates on its Website
Flying Phish Hooks Schools of Employees
News  |  9/11/2008  | 
Penetration test proves many workers can still be easily fooled
IBM Unveils Hardware-Based Encryption Tool
News  |  9/10/2008  | 
System x Vault protects data when a server's hard drive is disposed of or stolen, without affecting server performance.
Home Security Gets A Web Makeover
News  |  9/10/2008  | 
Forget the closet control panel, today's Internet- and smartphone-enabled home security systems allow browser-based management, SMS updates, live video feeds, and money-saving DIY options.
Most Companies Believe Their Sensitive Data Is at Risk
Quick Hits  |  9/10/2008  | 
Enterprises recognize the threat of data theft, Finjan research study says
'Password Recovery' Services May Be Hackers for Hire
News  |  9/10/2008  | 
Services that promise to help you find your lost passwords may make their living by cracking the passwords of others, IBM researcher says

