Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2011
Mobile Security Exploits To Double
News  |  9/30/2011  | 
Many of the threats involve mobile operating systems with easy-to-exploit vulnerabilities that can lead to arbitrary code execution.
Amazon Silk Browser Prompts Privacy Worries
News  |  9/29/2011  | 
The fast Web surfing Amazon promises on its Kindle Fire tablet involves a record of what you visit on the Net.
Top Google Chrome Extensions Leak Data
News  |  9/29/2011  | 
Study of 100 extensions found that 27% leave users vulnerable to Web or Wi-Fi attack.
In-House Malware Analysis: Why You Need It, How To Do It
News  |  9/29/2011  | 
In-depth malware analysis can be part of a comprehensive vulnerability management strategy. Here's how to get started
CIA Invests In Semantic Search, Wireless Networking
News  |  9/28/2011  | 
In-Q-Tel is partnering with NetBase and Connectify to make semantic search and virtual VPN technology available to the U.S. intelligence community.
Social Engineering Attacks Pose As Corporate Copiers
News  |  9/28/2011  | 
Malware disguised as communications from in-house copiers and scanners with document emailing capabilities is on the rise, researchers say.
Outdated Browsers Leave Many Enterprises Vulnerable To Attack
News  |  9/27/2011  | 
Despite efforts to get users to update browsers, the search for better security only begins with a patch
Why Cisco Didn't Fight Consumer IT
News  |  9/27/2011  | 
At the Mobilize conference, Cisco's Tom Gillis shares his company's experience with consumer IT: Resistance is futile.
MySQL Malware Hack Cost Just $3,000
News  |  9/27/2011  | 
Oracle-owned site was hacked with Java to automatically begin downloading Blackhole malware onto Windows PCs.
The Best Spies Money Can Buy
News  |  9/26/2011  | 
Security firms have found evidence that espionage agents are buying time on leased botnets: Will cybercriminals' services lead to more efficient spying?
Corporate Espionage's New Friend: Embedded Web Servers
News  |  9/26/2011  | 
Many types of Web-connected photocopiers, scanners, and VoIP servers have no default passwords or other security enabled to stop remote eavesdropping.
Feds Seek Advice To Battle Botnets
News  |  9/23/2011  | 
Homeland Security and Commerce Departments want to develop voluntary, standard practices that will protect and mitigate attacks on the private sector.
Adobe Flash Player 11 Promises Security Improvements
News  |  9/23/2011  | 
Flash Player upgrade will add SSL and better crypto features, while Android version gets the ability to nuke Flash cookies.
Wardriving Burglars Hacked Business Wi-Fi Networks
News  |  9/23/2011  | 
Three men are indicted for using a tricked-out Mercedes with specialized antennas and network-cracking tools to steal financial data via businesses' wireless networks.
FBI Busts Suspected LulzSec Hacker In Sony Breach
News  |  9/23/2011  | 
Authorities have charged three men as part of ongoing investigations into LulzSec and Anonymous attacks against government servers and Sony websites.
Web App Attacks Rise, Disclosed Bugs Decline
News  |  9/22/2011  | 
Mismatch between vulnerability disclosures and actual number of new vulnerabilities strengthens case for using Web application firewalls and virtual patching.
Apple's Lion OS At Risk To Password Vulnerability
News  |  9/21/2011  | 
Apple OS X 10.7 flaw would enable hacker to change a pair of passwords
A Call To Disarm Black Hat Hackers In China
News  |  9/21/2011  | 
Two infamous Chinese hackers issue a 'convention' document rallying hackers to disavow illegal hacking activities
Social Engineering Attacks Cost Companies
News  |  9/21/2011  | 
Half of businesses have experienced more than 25 successful social engineering attacks in the past two years, with some having to spend up to $100,000 per incident in cleanup costs.
Adobe Preps Zero-Day Flash Patch
News  |  9/21/2011  | 
Vulnerability is being actively exploited in the wild, has already been patched in Chrome.
Apple Lion Vulnerable To Password Hack
News  |  9/20/2011  | 
Flaw in Mac OS X 10.7 allows logged-in attacker to change password without knowing previous one.
HTTPS Vulnerable To Crypto Attack
News  |  9/20/2011  | 
Security researchers have built a tool that exploits weaknesses in the SSL and TLS encryption protocol, used by millions of websites to secure communications.
SMBs Need Denial-Of-Service Action Plan
News  |  9/16/2011  | 
Once you've been attacked, you need to respond quickly. These five expert tips will help small and midsize businesses prepare.
Free 'HoneySink' Tool Captures Botnet Traffic
News  |  9/15/2011  | 
First open-source 'sinkhole' tool released by Honeynet Project
McAfee DeepSafe Promises Better PC Security
News  |  9/15/2011  | 
Taking advantage of features in Intel chips, DeepSafe technology uses virtual memory to spot and block otherwise stealthy rootkit infections.
7 Ways You Give Thieves Dibs On Your Database
News  |  9/15/2011  | 
Bad database security habits make life easy for hackers and malicious insiders.
Data Breach Avoidance Requires Copy Cops?
Commentary  |  9/15/2011  | 
A U.S. senator proposes more data breach regulation, but experts say IT should be thinking data control. As one CSO recently put it, "The problem is not securing a copy of the data; it's securing data against copying."
Windows 8 To Come With AV Baked In
News  |  9/14/2011  | 
Microsoft will knit its Microsoft Security Essentials into the next-generation Windows OS
Social Engineering Leads APT Attack Vectors
News  |  9/14/2011  | 
Combat advanced persistent threats with more adaptive user training and by acknowledging that networks today exist in a state of constant compromise, say experts.
Microsoft, Adobe Patch Vulnerabilities
News  |  9/14/2011  | 
Microsoft patches 15 important vulnerabilities, Adobe update fixes critical Reader and Acrobat vulnerabilities, and multiple vendors block more DigiNotar-related certificates.
Americans Want Uncle Sam's Help With Cybercrime Protection
Quick Hits  |  9/13/2011  | 
New Eset/Harris Interactive poll finds most U.S. online adults feel vulnerable to a cyberattack
Managing The Risk Of Flaws In Third-Party Software
News  |  9/13/2011  | 
Companies need to focus on finding and resolving vulnerabilities in software libraries on which their own products rely, experts say
CIA Protects PCs From Prying Eyes
News  |  9/13/2011  | 
In-Q-Tel is investing in technology from Oculis that prevents visual eavesdroppers from seeing information on computer screens.
HP Expands Security Offerings
News  |  9/12/2011  | 
Hewlett-Packard upgrades and expands its security lineup, blending ArcSight IPS, Fortify code scanning, and WebAppDV to provide better context and defense against threats.
Linux Foundation Confirms Malware Attack
News  |  9/12/2011  | 
Foundation advises users to change passwords following exploit of kernel.org, used to distribute the Linux kernel.
Stanford Hospital Breach Exposes 20,000 ER Records
News  |  9/9/2011  | 
Spreadsheet uploaded to homework-help website exposed sensitive patient data for almost a year.
Virtualization Security: No One Product Does It
Commentary  |  9/8/2011  | 
VMware environments demand multiple tools to build barriers, trap intruders, maintain VM security-- and keep the Jason Cornishes out.
Android Survey Highlights Piracy Problem
News  |  9/8/2011  | 
Yankee Group and Skyhook Wireless issue report that faults Google for failing to do enough to prevent unauthorized app copying.
Car Systems Reminiscent Of Early PCs
News  |  9/8/2011  | 
A lack of security scrutiny leads automobile makers to make simple, familiar security mistakes
7 Key Homeland Security IT Developments Since 9/11
News  |  9/8/2011  | 
DHS has had mixed success over the past 10 years as it has created information sharing portals, biometrics systems, cybersecurity organizations, and border security technology.
How StartCom Foiled Comodohacker: 4 Lessons
News  |  9/8/2011  | 
Comodohacker claims to have exploited six certificate authorities including DigiNotar--yet he failed to break into at least one. Here's how StartCom's approach to security worked.
Disclosure In The APT Age
News  |  9/8/2011  | 
Yet another widespread advanced persistent threat-type campaign has hit the federal government--this one aimed at civilian agencies.
Your Car's Next Enemy: Malware
News  |  9/7/2011  | 
The increasing sophistication and network connectivity of automotive electronics will leave cars vulnerable to malware, McAfee says.
Inside The Booming Botnet Industry
News  |  9/7/2011  | 
Going rate for infecting 1,000 unique PCs? Up to $180 in the United States, or $7 or $8 in Asia. The pay-per-install malware business thrives.
Virtualization Security: Your Biggest Risk Is Disgruntled Insider
Commentary  |  9/6/2011  | 
Could 88 of your virtual servers be deleted by an angry insider during one McDonald's visit? Learn from Shionogi's experience.
Mitnick's Tale Sheds Light on Social Tactics
News  |  9/6/2011  | 
Lesson from the past: Targeted companies need good security processes to protect their data
Sony Hires Ex-DHS Official To Lead Security
News  |  9/6/2011  | 
The electronics giant has hired ex-DHS deputy undersecretary and Microsoft exec Phil Reitinger to right its security ship.
Google Maps Listings Marred By False Information
News  |  9/6/2011  | 
Businesses complain that Google Maps inaccurately lists them as being closed, an attack that reduces customer visits and diminishes online traffic.
Are Digital Certificates Doomed?
Commentary  |  9/6/2011  | 
Certificates are fundamental to the Web's SSL security model. But the recent DigiNotar attack and Comodo hacks show that the system must be strengthened, experts say.
Hackers Turn On Each Other
Commentary  |  9/6/2011  | 
WikiLeaks fumbles the disclosure of sensitive government cables, while hacking competition website RankMyHack.com finds little honor among members.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3738
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
CVE-2019-3739
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
CVE-2019-3740
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
CVE-2019-3756
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.
CVE-2019-3758
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.