Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2012
PNC Bank Hit By Crowdsourced Hacktivist Attacks
News  |  9/28/2012  | 
Financial services website disrupted by DDoS attacks launched to protest anti-Muslim film, following similar attacks against Wells Fargo, U.S. Bank, and Bank of America.
Profiling The Cybercriminal And The Cyberspy
News  |  9/27/2012  | 
Insight into key characteristics, behaviors of cybercrime versus cyberespionage attackers can help -- but the threats aren't just from China and Eastern Europe
Muslim Hacktivists Take Credit For U.S. Bank Attack
News  |  9/27/2012  | 
A hacktivist group is apparently following through on its vow to attack financial institutions in retaliation for anti-Muslim film.
Deja Vu All Over Again: New Java Vulnerability Found, Bypasses Built-In Security
Quick Hits  |  9/26/2012  | 
Yet another Java bug has been discovered—and this one breaks out of the software's sandbox
Java Vulnerability Affects 1 Billion Plug-ins
News  |  9/26/2012  | 
Another week, another Java vulnerability--only this one affects all versions of Java released in the past eight years.
Twitter Direct Messages Disguise Trojan App Attack
News  |  9/25/2012  | 
Compromised Twitter accounts send fake Facebook videos and Flash updates that trigger drive-by malware exploits.
Watch The Watchers: 'Trusted' Employees Can Do Damage
News  |  9/25/2012  | 
A study of insider attacks within financial firms offers lessons to other companies: identify important data, limit access, and scrutinize trusted users most closely
Microsoft IE Patch Fixes Flaw Under Active Attack
News  |  9/24/2012  | 
Microsoft wins praise for quickly addressing five remote-execution security vulnerabilities, one of which is being used now in attacks.
IBM Predicts Rise In OS X Exploits, Touts Sandboxing
News  |  9/20/2012  | 
IBM's X-Force Trend and Risk Report says browser exploits and BYOD continue to pose challenges, warns that OS X attacks are getting more sophisticated.
Bank Of America Website Slows After Islamic Hacker Threats
News  |  9/19/2012  | 
Group protesting anti-Islam film claims credit for website service interruptions that hit Bank of America Tuesday afternoon.
Mikko's Malware Odyssey
News  |  9/18/2012  | 
Security guru Mikko Hypponen talks malware evolution, factory-automation vulnerabilities, Space Invaders, and jamming to Justin Bieber
Microsoft Warns Of IE 9 Security Bug
News  |  9/18/2012  | 
Microsoft promises fix for zero-day exploit that puts users of IE 9, and earlier IE versions, at risk upon visiting a malicious website.
Services Can Help Identify Mobile Risks
News  |  9/17/2012  | 
While mobile device management (MDM) services can help a company manage its employees phones and tablets, figuring out whether the devices are up-to-date is also critical
Cloud Services Face Different Security Threats
News  |  9/14/2012  | 
Alert Logic study finds that cloud and on-premises customers face about the same number, but different types, of threats.
Is 'Virus Expert' Tied To PlugX RAT Malware?
News  |  9/13/2012  | 
Security firm AlienVault believes "whg0001" helped create malware used to attack targets in Japan, South Korea, Taiwan, and Tibet.
Symantec Security Has Become Forgotten Child, Critics Say
News  |  9/13/2012  | 
After Symantec leadership change, some channel partners question whether the company will continue emphasizing its storage business over security.
Cisco Releases Cloud IPS, Upgrades Security Products
News  |  9/12/2012  | 
Network equipment vendor's new products and services focus on improving security for mixed physical, virtual, and cloud environments, as well as BYOD.
GoDaddy Outage: Anonymous Attack Or IT Failure?
News  |  9/12/2012  | 
If hacktivists weren't behind the six-hour outage, as GoDaddy's CEO contends, they may still have taken advantage of the situation.
Old Operating Systems Die Harder
Quick Hits  |  9/11/2012  | 
Aging OSes like XP still getting hit big-time with old exploits, new data shows
6 Ways To Strengthen Web App Security
News  |  9/7/2012  | 
Want to keep your Web application from getting hacked? Here's how to get serious about secure apps.
Fixing The Patch Problem
News  |  9/7/2012  | 
Many companies are patching systems more slowly than in the past. Using a service that packages fixes can speed updates and give businesses a better chance of closing security holes
Java Still Not Safe, Security Experts Say
News  |  9/6/2012  | 
Oracle needs to fix holes faster, say some security experts. Leave Java disabled for now, because Oracle's emergency patch is insufficient.
Oracle Emergency Java Patch Opens Fresh Trouble
News  |  9/5/2012  | 
Oracle's emergency patch fixes flaws being used in active attacks, but opens the door to a previously undisclosed vulnerability.
FBI, AntiSec Spar On Apple IDs
News  |  9/5/2012  | 
FBI denies laptop data breach, but some security experts believe agency may have suffered a phishing attack.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-38258
PUBLISHED: 2021-10-25
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback().
CVE-2021-38260
PUBLISHED: 2021-10-25
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor().
CVE-2021-39223
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.t...
CVE-2021-39224
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is locat...
CVE-2021-39225
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. Ther...