Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Epic Security #FAILS Of The Past 10 Years
Newest First  |  Oldest First  |  Threaded View
cyberpink
50%
50%
cyberpink,
User Rank: Strategist
6/9/2016 | 9:34:31 AM
Re: Anti virus
As crazy as it might sound, if you do not write the code, there is no telling what the code is actually doing in secret.  I try to pay attention to who wrote it, and what their reputation is.  If the company gives away apps geared toward businesses, and is also the same group responsible for distributing malware (which you can research on the internet), then there is a real good chance the free apps are not going to be friendly apps.  Also pay attention to where the data is stored.  If you use an app and the data is going to a server in one of the 26 malicious nation-states known for hacking, that would be a great app to avoid, no matter how many people like to use it.  I feel that more and more companies are going to move toward writing custom software solutions in the future. 
RajeevS411
100%
0%
RajeevS411,
User Rank: Apprentice
6/5/2016 | 8:15:56 PM
Anti virus
I just dont get it why people keep on creating these malwares to cause damage to others. Its just terrorism. Ive been buying software for almost every year. But since I purchased ESET Antivirus, I was stucked with it. I mean, I get satisfied with its perfomance. Lets see if it will cause me to buy more antivirus
paulno
50%
50%
paulno,
User Rank: Apprentice
5/19/2016 | 6:09:52 PM
I still predict more ones in the future with new technologies
Yes and it's not finished. Most of these fails are still current security shortfalls today and the article on Linkedin's hack highligh it perfectly. Hackers will still have fun next years as with the rise of new technologies, web languages and devices, IT vulnerabilities keep on emerging in the same time. We can't count on users to detect them, it's not their job. What can we do ? Prevent most of them, and try to react asap for the others... But let's be realistic : we'll never be abble to make a 0 fails world.


7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...