Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2011
Page 1 / 2
Mobile Security Exploits To Double
News  |  9/30/2011  | 
Many of the threats involve mobile operating systems with easy-to-exploit vulnerabilities that can lead to arbitrary code execution.
Amazon Silk Browser Prompts Privacy Worries
News  |  9/29/2011  | 
The fast Web surfing Amazon promises on its Kindle Fire tablet involves a record of what you visit on the Net.
Top Google Chrome Extensions Leak Data
News  |  9/29/2011  | 
Study of 100 extensions found that 27% leave users vulnerable to Web or Wi-Fi attack.
In-House Malware Analysis: Why You Need It, How To Do It
News  |  9/29/2011  | 
In-depth malware analysis can be part of a comprehensive vulnerability management strategy. Here's how to get started
CIA Invests In Semantic Search, Wireless Networking
News  |  9/28/2011  | 
In-Q-Tel is partnering with NetBase and Connectify to make semantic search and virtual VPN technology available to the U.S. intelligence community.
Social Engineering Attacks Pose As Corporate Copiers
News  |  9/28/2011  | 
Malware disguised as communications from in-house copiers and scanners with document emailing capabilities is on the rise, researchers say.
Outdated Browsers Leave Many Enterprises Vulnerable To Attack
News  |  9/27/2011  | 
Despite efforts to get users to update browsers, the search for better security only begins with a patch
Why Cisco Didn't Fight Consumer IT
News  |  9/27/2011  | 
At the Mobilize conference, Cisco's Tom Gillis shares his company's experience with consumer IT: Resistance is futile.
MySQL Malware Hack Cost Just $3,000
News  |  9/27/2011  | 
Oracle-owned site was hacked with Java to automatically begin downloading Blackhole malware onto Windows PCs.
The Best Spies Money Can Buy
News  |  9/26/2011  | 
Security firms have found evidence that espionage agents are buying time on leased botnets: Will cybercriminals' services lead to more efficient spying?
Corporate Espionage's New Friend: Embedded Web Servers
News  |  9/26/2011  | 
Many types of Web-connected photocopiers, scanners, and VoIP servers have no default passwords or other security enabled to stop remote eavesdropping.
Feds Seek Advice To Battle Botnets
News  |  9/23/2011  | 
Homeland Security and Commerce Departments want to develop voluntary, standard practices that will protect and mitigate attacks on the private sector.
Adobe Flash Player 11 Promises Security Improvements
News  |  9/23/2011  | 
Flash Player upgrade will add SSL and better crypto features, while Android version gets the ability to nuke Flash cookies.
Wardriving Burglars Hacked Business Wi-Fi Networks
News  |  9/23/2011  | 
Three men are indicted for using a tricked-out Mercedes with specialized antennas and network-cracking tools to steal financial data via businesses' wireless networks.
FBI Busts Suspected LulzSec Hacker In Sony Breach
News  |  9/23/2011  | 
Authorities have charged three men as part of ongoing investigations into LulzSec and Anonymous attacks against government servers and Sony websites.
Web App Attacks Rise, Disclosed Bugs Decline
News  |  9/22/2011  | 
Mismatch between vulnerability disclosures and actual number of new vulnerabilities strengthens case for using Web application firewalls and virtual patching.
Apple's Lion OS At Risk To Password Vulnerability
News  |  9/21/2011  | 
Apple OS X 10.7 flaw would enable hacker to change a pair of passwords
A Call To Disarm Black Hat Hackers In China
News  |  9/21/2011  | 
Two infamous Chinese hackers issue a 'convention' document rallying hackers to disavow illegal hacking activities
Social Engineering Attacks Cost Companies
News  |  9/21/2011  | 
Half of businesses have experienced more than 25 successful social engineering attacks in the past two years, with some having to spend up to $100,000 per incident in cleanup costs.
Adobe Preps Zero-Day Flash Patch
News  |  9/21/2011  | 
Vulnerability is being actively exploited in the wild, has already been patched in Chrome.
Apple Lion Vulnerable To Password Hack
News  |  9/20/2011  | 
Flaw in Mac OS X 10.7 allows logged-in attacker to change password without knowing previous one.
HTTPS Vulnerable To Crypto Attack
News  |  9/20/2011  | 
Security researchers have built a tool that exploits weaknesses in the SSL and TLS encryption protocol, used by millions of websites to secure communications.
SMBs Need Denial-Of-Service Action Plan
News  |  9/16/2011  | 
Once you've been attacked, you need to respond quickly. These five expert tips will help small and midsize businesses prepare.
Free 'HoneySink' Tool Captures Botnet Traffic
News  |  9/15/2011  | 
First open-source 'sinkhole' tool released by Honeynet Project
McAfee DeepSafe Promises Better PC Security
News  |  9/15/2011  | 
Taking advantage of features in Intel chips, DeepSafe technology uses virtual memory to spot and block otherwise stealthy rootkit infections.
7 Ways You Give Thieves Dibs On Your Database
News  |  9/15/2011  | 
Bad database security habits make life easy for hackers and malicious insiders.
Data Breach Avoidance Requires Copy Cops?
Commentary  |  9/15/2011  | 
A U.S. senator proposes more data breach regulation, but experts say IT should be thinking data control. As one CSO recently put it, "The problem is not securing a copy of the data; it's securing data against copying."
Windows 8 To Come With AV Baked In
News  |  9/14/2011  | 
Microsoft will knit its Microsoft Security Essentials into the next-generation Windows OS
Social Engineering Leads APT Attack Vectors
News  |  9/14/2011  | 
Combat advanced persistent threats with more adaptive user training and by acknowledging that networks today exist in a state of constant compromise, say experts.
Microsoft, Adobe Patch Vulnerabilities
News  |  9/14/2011  | 
Microsoft patches 15 important vulnerabilities, Adobe update fixes critical Reader and Acrobat vulnerabilities, and multiple vendors block more DigiNotar-related certificates.
Americans Want Uncle Sam's Help With Cybercrime Protection
Quick Hits  |  9/13/2011  | 
New Eset/Harris Interactive poll finds most U.S. online adults feel vulnerable to a cyberattack
Managing The Risk Of Flaws In Third-Party Software
News  |  9/13/2011  | 
Companies need to focus on finding and resolving vulnerabilities in software libraries on which their own products rely, experts say
CIA Protects PCs From Prying Eyes
News  |  9/13/2011  | 
In-Q-Tel is investing in technology from Oculis that prevents visual eavesdroppers from seeing information on computer screens.
HP Expands Security Offerings
News  |  9/12/2011  | 
Hewlett-Packard upgrades and expands its security lineup, blending ArcSight IPS, Fortify code scanning, and WebAppDV to provide better context and defense against threats.
Linux Foundation Confirms Malware Attack
News  |  9/12/2011  | 
Foundation advises users to change passwords following exploit of kernel.org, used to distribute the Linux kernel.
Stanford Hospital Breach Exposes 20,000 ER Records
News  |  9/9/2011  | 
Spreadsheet uploaded to homework-help website exposed sensitive patient data for almost a year.
Virtualization Security: No One Product Does It
Commentary  |  9/8/2011  | 
VMware environments demand multiple tools to build barriers, trap intruders, maintain VM security, and keep the Jason Cornishes out.
Android Survey Highlights Piracy Problem
News  |  9/8/2011  | 
Yankee Group and Skyhook Wireless issue report that faults Google for failing to do enough to prevent unauthorized app copying.
Car Systems Reminiscent Of Early PCs
News  |  9/8/2011  | 
A lack of security scrutiny leads automobile makers to make simple, familiar security mistakes
7 Key Homeland Security IT Developments Since 9/11
News  |  9/8/2011  | 
DHS has had mixed success over the past 10 years as it has created information sharing portals, biometrics systems, cybersecurity organizations, and border security technology.
How StartCom Foiled Comodohacker: 4 Lessons
News  |  9/8/2011  | 
Comodohacker claims to have exploited six certificate authorities including DigiNotar--yet he failed to break into at least one. Here's how StartCom's approach to security worked.
Disclosure In The APT Age
News  |  9/8/2011  | 
Yet another widespread advanced persistent threat-type campaign has hit the federal government--this one aimed at civilian agencies.
Your Car's Next Enemy: Malware
News  |  9/7/2011  | 
The increasing sophistication and network connectivity of automotive electronics will leave cars vulnerable to malware, McAfee says.
Inside The Booming Botnet Industry
News  |  9/7/2011  | 
Going rate for infecting 1,000 unique PCs? Up to $180 in the United States, or $7 or $8 in Asia. The pay-per-install malware business thrives.
Virtualization Security: Your Biggest Risk Is Disgruntled Insider
Commentary  |  9/6/2011  | 
Could 88 of your virtual servers be deleted by an angry insider during one McDonald's visit? Learn from Shionogi's experience.
Mitnick's Tale Sheds Light on Social Tactics
News  |  9/6/2011  | 
Lesson from the past: Targeted companies need good security processes to protect their data
Sony Hires Ex-DHS Official To Lead Security
News  |  9/6/2011  | 
The electronics giant has hired ex-DHS deputy undersecretary and Microsoft exec Phil Reitinger to right its security ship.
Google Maps Listings Marred By False Information
News  |  9/6/2011  | 
Businesses complain that Google Maps inaccurately lists them as being closed, an attack that reduces customer visits and diminishes online traffic.
Are Digital Certificates Doomed?
Commentary  |  9/6/2011  | 
Certificates are fundamental to the Web's SSL security model. But the recent DigiNotar attack and Comodo hacks show that the system must be strengthened, experts say.
Hackers Turn On Each Other
Commentary  |  9/6/2011  | 
WikiLeaks fumbles the disclosure of sensitive government cables, while hacking competition website RankMyHack.com finds little honor among members.