News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2013
Project Sonar Crowdsources A Better Bug Killer
News  |  9/30/2013  | 
Scans of the entire Internet for known vulnerabilities turn up terabytes of data, but the next steps won’t be easy.
Tech Insight: Top 4 Problem Areas That Lead To Internal Data Breaches
News  |  9/27/2013  | 
Enterprises constantly fail in four areas, which, in turn, can easily cause intentional and unintentional data leaks
Insider Threats Get More Difficult To Detect
News  |  9/27/2013  | 
User diversity and growth in network activity including cloud services are among reasons it's getting harder to guard against insider data breaches, says Fortune 1000 survey.
Fixating On The Edges
Commentary  |  9/26/2013  | 
Security folks tend to concentrate on their inability to block improbable attacks, while forgetting to focus on the attacks they're most likely to see
Threat-Intel Sharing Services Emerge, But Challenges Remain
News  |  9/26/2013  | 
A number of services to help companies analyze threats and share intelligence have popped up, but the services have to solve some key problems
Report: 8 Out of 10 Users Infected With A Trojan
Quick Hits  |  9/26/2013  | 
Trojans overshadow all other forms of malware in second quarter, new study from PandaLabs shows
Protecting The Network From Bring-Your-Own Vulnerabilities
News  |  9/25/2013  | 
Companies that allow employees to use their own devices for work inherit their employees' vulnerabilities. How should companies secure networks in the age of BYOD?
Hacking The Threat Intelligence-Sharing Model
News  |  9/25/2013  | 
A new report shines light on what's holding back more widespread, efficient sharing of attack intelligence among organizations
Social Spam Invades The Enterprise
News  |  9/25/2013  | 
Spammers increasingly dodge email spam tools by using social media, posing new risks to government and corporate enterprises, study says.
FISMA Security Approach Falls Short, Fed IT Pros Say
News  |  9/25/2013  | 
Primary tool for defending government information systems is inadequate in the battle against cyber threats and attacks, federal IT security managers say.
Yahoo Responds To Recycled Email Security Problem
News  |  9/25/2013  | 
Yahoo will launch a "Not My Email" button to return old account-holders' email and help former users reclaim their accounts.
5 Steps To Stop A Snowden Scenario
News  |  9/24/2013  | 
The NSA leaks by a systems administrator have forced enterprises to rethink their risks of an insider leak and their privileged users' access
Lack Of Security Expertise? App-Analysis Services Could Help
News  |  9/23/2013  | 
Companies now have a selection of software-scanning services to help assess their Web applications and find bugs -- here's a look at what makes a good service
Penetration Testing For Beginners
News  |  9/23/2013  | 
Interop workshop instructor discusses what it takes for networking pros to start wrapping their arms around security testing basics
Energy Dept. Invests $30 Million In Utility Security
News  |  9/23/2013  | 
Contracts will support new tools to protect electrical, gas and oil infrastructures from cyber attacks.
Yahoo Recycled Emails: Users Find Security Surprises
News  |  9/23/2013  | 
Some Yahoo users who took advantage of recycled IDs report they're getting emails intended for the old account holders -- including personal data.
Apple iPhone 5s Fooled By Fake Finger
News  |  9/23/2013  | 
Chaos Computer Club hackers bypass the fingerprint sensor in Apple's iPhone 5s, may qualify for Touch ID hack bounty.
Android Facebook App Users: Patch Now
News  |  9/20/2013  | 
Facebook has fixed a bug in its Android app that left photos vulnerable to interception.
Phishers Expand Brands, Shift Gears
News  |  9/19/2013  | 
More brands than ever getting phished as cybercriminals branch out and rely less on mass phishing attacks
It's New And Shiny. Be Afraid. Be Very Afraid.
Commentary  |  9/19/2013  | 
In the age of page views and breaking news, we have to reserve judgement until the facts emerge. Apple's Touch ID launch is just another example of fear-mongers favoring FUD over fact
3 Steps To Secure Your Business In A Post-Signature World
News  |  9/18/2013  | 
From fully undetectable malware to low-volume targeted trojans, digital threats frequently do not have a signature, but companies can still prepare
Microsoft: Beware IE Zero-Day Attacks
News  |  9/18/2013  | 
Microsoft offers temporary fix for security flaw in most versions of Internet Explorer, but doesn't yet have a patch to stop attackers from remotely executing code.
NSA Contracted With Zero-Day Vendor Vupen
News  |  9/17/2013  | 
NSA likely used French exploit service to keep tabs on the competition and run "deniable cyber ops," says cyber-weapon critic.
Fast Scanning To Fuel 'Golden Age' Of Global Flaw Finding
News  |  9/17/2013  | 
A network scanner that can survey the Internet in less than an hour will make it easier for research groups to expose vulnerabilities on the Internet
Post-NSA Leaks, Android Encrypted Texting Arrives
News  |  9/16/2013  | 
New Android apps bring secure texting to "the masses"
Mobile Bug Bounty: $300K For New Exploits
News  |  9/13/2013  | 
Mobile Pwn2Own contest's prize money may be too far below the zero-day vulnerability market rate to net meaningful submissions.
Microsoft Nukes Buggy Office 2013 Update
News  |  9/12/2013  | 
Second batch of faulty software from Microsoft in two months reinforces recommendation to patch in staggered fashion.
NSA Fallout: Encrypt Everything, Enterprises Advised
News  |  9/12/2013  | 
The NSA may have cracked crypto and added product backdoors, but businesses must focus on internal security practices as well.
NSA Fallout: Google Speeds Data Encryption Plans
News  |  9/10/2013  | 
Google's initiative to encrypt data in its internal data centers will slow -- but not prevent -- sophisticated government hackers from surreptitiously monitoring traffic.
Tackling Enterprise Threats From The Internet Of Things
News  |  9/9/2013  | 
Embedded device dangers don't just plague consumers or industrial control systems
Latest NSA Crypto Revelations Could Spur Internet Makeover
News  |  9/9/2013  | 
Concerns over backdoors and cracked crypto executed by the spy agency are prompting calls for new, more secure Internet protocols; IETF will address latest developments at November meeting
Nigerian Scam Keylogger Tactics Exposed
News  |  9/9/2013  | 
Hacker shares look into PrivateRecovery service, which offers would-be scammers customized keyloggers disguised as screen savers.
Sykipot Malware Now Targeting Civil Aviation Information
Quick Hits  |  9/9/2013  | 
Sykipot attack now being repurposed to steal civil aviation data, TrendLabs researchers say
Yet Another Reason To Hate Online Ads
Commentary  |  9/8/2013  | 
Through the magic of JavaScript and ad networks, research presented at Black Hat by Jeremiah Grossman and Matt Johansen shows how to build a huge botnet quickly -- and then the fun begins
FBI Warns Of Syrian Electronic Army Hacking Threat
News  |  9/6/2013  | 
Recent string of high-profile website and Twitter takedowns leads some security professionals to question whether hackers are getting help from Iran.
Researcher Pokes Holes In Java 7 Security
News  |  9/5/2013  | 
Programmer questions Java 7 security model, details hacks that allow faked app locations and server redirects.
World's Trouble Spots Escalating Into Cyberthreats For Businesses
News  |  9/5/2013  | 
As regional troubles spill over to the digital world, companies should reinforce their defenses and demand their suppliers do the same, experts say
Red Teaming the Electric Grid
Commentary  |  9/3/2013  | 
Tom Parker explores the complexities of an attack against the US bulk electric system.
An Unrestricted Syria
Commentary  |  9/3/2013  | 
Cyber on the table for Syria's possible response to a U.S. missile strike?
'Hand Of Thief' Linux Trojan Not Ready For Prime Time
Quick Hits  |  9/3/2013  | 
Researchers find that Russian cybercriminals' new malware toolkit for targeting Linux platforms is currently unable to effectively steal data
Software Patches Eat Government IT's Lunch
Commentary  |  9/3/2013  | 
The software industry's publish-now, update-later approach exacts a huge toll on government IT leaders like Robert Jack, CIO of the U.S. Marine Corps.
30-Second HTTPS Crypto Cracking Tool Released
News  |  9/3/2013  | 
BREACH testing tool reveals sites susceptible to attack that recovers plaintext information from encrypted traffic.