Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

5/30/2007
06:42 AM
50%
50%

Finjan CTO to List Web Threats

Finjan CTO to list latest Web threats at Gartner IT Security Summit

SAN JOSE, Calif. -- Finjan, a leader in web security products, today announced that its Chief Technology Officer Yuval Ben-Itzhak will present the latest threats uncovered by Finjan’s Malicious Code Research Center (MCRC) at The Gartner IT Security Summit 2007 in Washington, D.C. on Monday, June 4. These threats include:

  • A new genre of highly sophisticated evasive attacks that hackers are using to lower the visibility of their malicious code in the wild

  • The proliferation of affiliation networks based on a “hosted model” for malicious code, which utilize off-the-shelf malicious code packages to compromise highly popular websites and even government domains.

  • New examples showing the growing presence of malicious code in online advertising on legitimate websites

    Yuval Ben-Itzhak will also address effective ways for organizations to counter these emerging threats (http://agendabuilder.gartner.com/sec13/WebPages/SessionList.aspx?speaker=3049).

    Hackers are now selectively exposing malicious code to innocent website visitors and hiding it from web crawlers utilized for classification by search engines and URL filtering engines.

    “The reality is that commercially-driven hackers are using new sophisticated methods, such as dynamic code obfuscation and evasive attacks, to bypass traditional signature-based and database reliant solutions, which were not designed to detect dynamic web scenarios,” said Yuval Ben-Itzhak, CTO, Finjan. “The combination of evasive attacks with code obfuscation techniques significantly enhances the capability of sophisticated hackers to go undetected.”

    Finjan Software Inc.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 5/27/2020
    10 iOS Security Tips to Lock Down Your iPhone
    Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
    How an Industry Consortium Can Reinvent Security Solution Testing
    Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    How Cybersecurity Incident Response Programs Work (and Why Some Don't)
    This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
    Flash Poll
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-13386
    PUBLISHED: 2020-05-27
    In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate (Local) and SDMsgUpdate (TE). The scheduled...
    CVE-2019-20806
    PUBLISHED: 2020-05-27
    An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.
    CVE-2020-10737
    PUBLISHED: 2020-05-27
    A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the hom...
    CVE-2020-13622
    PUBLISHED: 2020-05-27
    JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data.
    CVE-2020-13623
    PUBLISHED: 2020-05-27
    JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation.