Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2010
LinkedIn Attack Spreads Zeus Financial Malware
News  |  9/29/2010  | 
Infection-related emails accounted for almost 25% of the world's spam at its peak Monday.
Microsoft Beefs Up Hotmail Security
News  |  9/29/2010  | 
Raft of new features aimed at blocking email hijackers and helping users reclaim compromised accounts.
Security Researcher Wins Prestigious MacArthur "Genius" Grant
News  |  9/29/2010  | 
Dawn Song, head of the Berkeley lab that developed BitBlaze, will get $500,000 for more research
Why The Insider Threat Is Ignored
Commentary  |  9/28/2010  | 
The insider threat is complicated, and most organizations do not fully understand the magnitude of the problem. There are three main reasons why the insider threat has been ignored: Organizations do not know it's happening, it's easy for organizations to be in denial, and organizations fear bad publicity.
Chinese iPhone 4 Forces Censored Maps
News  |  9/28/2010  | 
Apple's Maps application on the Chinese iPhone 4 will only show government-approved maps, unlike previous models.
Malware Targeting Top News Sites, Message Boards
News  |  9/28/2010  | 
By poisoning popular sites with malicious content, attackers ensure that web surfers are never more than two clicks away from a threat, says Websense report.
Security Is Chief Inhibitor To Web 2.0 Implementation, Study Finds
Quick Hits  |  9/27/2010  | 
Malware, viruses are key reasons why companies don't use Web 2.0 apps more widely, researchers say
Iran Denies Stuxnet Worm Hurt Nuclear Plant
News  |  9/27/2010  | 
The malware appears to have been designed to target a specific facility or control process.
'Here You Have' A Lesson
Commentary  |  9/24/2010  | 
It's been interchangeably called spam, or a targeted attack that spun out of control, or a form of cyber-jihad with alleged geopolitical implications. But regardless of what you call it, the "Here You Have" email worm is an excellent example of just how well today's security can work. Here are a few justifications for that optimism.
Facebook Suffers Slowdowns, Access Problems
News  |  9/23/2010  | 
The popular social network acknowledges some users may have difficulty accessing the site, but has yet to provide details of the cause.
Google, YouTube Win Copyright Ruling In Spain
News  |  9/23/2010  | 
Aggrieved media companies keep claiming copyright infringement but courts keep siding with Google.
Different Flavors Of The Insider Threat
Commentary  |  9/22/2010  | 
There are different categories of insider threats, based on the level of access the employee has. There are four types: pure insider, insider associate, insider affiliate, and outside affiliate. Each of these categories also has different motives. Understanding each is a key to building proper preventive and detective defenses.
Product Watch: eEye Revives Free Zero-Day Vulnerability Tracker Site
News  |  9/22/2010  | 
Aims to be a 'one-stop shop' for zero-day vulnerabilities, analysis
Twitter Worm Fixed
News  |  9/21/2010  | 
A cross-site scripting flaw that allowed several worms to spread on Twitter has been repaired.
Missing The Insider Threat
Commentary  |  9/20/2010  | 
"I trust everyone. It is the devil inside that I do not trust" is a great line from the movie "The Italian Job." Every single person has the potential to do harm if the right circumstances occur. Yes, this includes employees.
Stuxnet Updates Through P2P Communications
News  |  9/20/2010  | 
Symantec finds that peer-to-peer networks can propagate the malware, even though its command and control systems are now offline.
Adobe Accelerates Fix For Flash Flaw
News  |  9/20/2010  | 
Repair for the critical vulnerability, which is being actively exploited, will be released Monday rather than later this month.
Tech Insight: Employee Monitoring--Coming Soon To A Network Near You
News  |  9/17/2010  | 
More companies are monitoring and enacting policies to address employee Web and e-mail activity at work and off-hours
Social Engineering Report Shows Corporate America At Risk
News  |  9/15/2010  | 
Final report from Defcon contest details information employees gave up over the phone
Microsoft Patch Defends Against Stuxnet Worm
News  |  9/14/2010  | 
The company's September patch day brings nine security bulletins.
Adobe Facing Two Zero-Day Vulnerabilities
News  |  9/14/2010  | 
A warning on Monday about a vulnerability affecting Flash, Acrobat, and Reader echoes another software flaw disclosed last week.
Cisco Pinpoints 'Here You Have' Worm's Virulence
News  |  9/14/2010  | 
E-jihadist group claims responsibility for attack, which spread rapidly through poor enterprise webmail filters, open network shares.
Accepting The Inevitability Of Attack
News  |  9/13/2010  | 
Attacks will shift from targeting devices to targeting people, expert says
GAO Finds Agencies Lax On Data Protection
News  |  9/13/2010  | 
Departments that deal with highly sensitive information need better safeguards to secure it against contract workers, finds Government Accountability Office.
NSS Labs To Open Marketplace For Buying And Selling Exploits
News  |  9/9/2010  | 
No zero-days on 'Exploit Hub'
Federal Cyber Watchdog Bombs Cybersecurity Audit
News  |  9/9/2010  | 
Department of Homeland Security inspector general says US-CERT isn't properly patching and securing its systems or complying with policy.
Firefox Patches DLL Load Hijacking Vulnerability
News  |  9/9/2010  | 
Security release fixes 15 bugs and adds defense against clickjacking attacks.
Adobe Acrobat, Reader Under Attack From Zero-Day Exploit
News  |  9/9/2010  | 
Turning off JavaScript in Adobe Reader advised to protect against the critical vulnerability.
Twitter Patches Account Hijacking Vulnerability
News  |  9/8/2010  | 
Easy-to-exploit, one-click attack caught more than 100,000 users; additional variations may still be at large.
Symantec Finds 65% Have Been Hit By Cybercrime
News  |  9/8/2010  | 
Victims spent an average of 28 days and $334 fixing the damage, but few reported the crime to the police.
Quantum Cryptography Breached With Lasers
News  |  9/7/2010  | 
Using lasers to blind quantum cryptography photon detectors, Norwegian computer scientists were able to obtain a copy of a secure key without leaving any trace of their presence.
September Month Of Bugs Under Way
Quick Hits  |  9/7/2010  | 
Researchers say goal is to provide more details on some key known flaws, as well as expose some new zero-day vulnerabilities
Google Trims Privacy Policy
News  |  9/3/2010  | 
Moving to improve user privacy, Google has made it easier to understand the company's privacy policies and to find its privacy tools.
Tech Insight: Retooling Vulnerability Scanning, Penetration Testing For IPv6
News  |  9/3/2010  | 
Traditional host discovery via network scanning won't work with IPv6, but alternative methods are available
New Cloud Security Certification Launched
News  |  9/2/2010  | 
The Cloud Security Alliance (CSA), an industry group seeking to promote security standards for cloud computing, is offering an online certification program beginning September 1st.
DARPA Soliciting Bids On Insider Threat Prevention
News  |  9/2/2010  | 
Defense Department agency to develop system that can identify and stop people from removing information from its networks.

