Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12/31/2008
12:26 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Four Threats For '09 That You've Probably Never Heard Of (Or Thought About)

What could keep you up at night in the new year may not be what you expect -- a look at some of the lesser-known threats predicted for 2009

You're probably gearing up for the well-known security risks you've watched emerge over the past year to go front burner in the new year -- the insider threat, Web 2.0, and targeted attacks. But don't pop that champagne cork just yet: Some obscure potential threats that could be more difficult to prepare for and defend against also are looming for 2009.

These aren't your typical enterprise hack attacks. They're mainly large-scale Internet threats that could trickle down to your organization. We're talking Internet network infrastructure attacks, radical extremist hackers, Web attacks that adversely affect online ad revenue, and even the unthinkable -- human casualties as a result of a cyberattack.

The bad news is that some security experts have these threats on their radar screen in the new year. The good news/bad news is that your organization is more likely to suffer a Website hack than one of these attacks. That doesn't mean you should scratch these threats from your list of threats for the new year, either. But don't panic: Even if you can't personally stop a cyberattack on your ISP, you can at least be aware of the risks and set up a contingency plan. "These aren't something IT administrators or everyday Joes can do [much of] anything about," says Kevin Prince, chief architect for Perimeter eSecurity.

So before you turn out the office lights for the night (and the year), check out these lesser-known potential threats that security experts are watching out for in '09.

Next: An Internet "e-bomb" Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

 

Recommended Reading:

Previous
1 of 5
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/1/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13757
PUBLISHED: 2020-06-01
Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing exces...
CVE-2020-13758
PUBLISHED: 2020-06-01
modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.
CVE-2020-9291
PUBLISHED: 2020-06-01
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.
CVE-2019-15709
PUBLISHED: 2020-06-01
An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.
CVE-2020-13695
PUBLISHED: 2020-06-01
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file.