Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

5/30/2007
06:42 AM
50%
50%

Finjan CTO to List Web Threats

Finjan CTO to list latest Web threats at Gartner IT Security Summit

SAN JOSE, Calif. -- Finjan, a leader in web security products, today announced that its Chief Technology Officer Yuval Ben-Itzhak will present the latest threats uncovered by Finjan’s Malicious Code Research Center (MCRC) at The Gartner IT Security Summit 2007 in Washington, D.C. on Monday, June 4. These threats include:

  • A new genre of highly sophisticated evasive attacks that hackers are using to lower the visibility of their malicious code in the wild

  • The proliferation of affiliation networks based on a “hosted model” for malicious code, which utilize off-the-shelf malicious code packages to compromise highly popular websites and even government domains.

  • New examples showing the growing presence of malicious code in online advertising on legitimate websites

    Yuval Ben-Itzhak will also address effective ways for organizations to counter these emerging threats (http://agendabuilder.gartner.com/sec13/WebPages/SessionList.aspx?speaker=3049).

    Hackers are now selectively exposing malicious code to innocent website visitors and hiding it from web crawlers utilized for classification by search engines and URL filtering engines.

    “The reality is that commercially-driven hackers are using new sophisticated methods, such as dynamic code obfuscation and evasive attacks, to bypass traditional signature-based and database reliant solutions, which were not designed to detect dynamic web scenarios,” said Yuval Ben-Itzhak, CTO, Finjan. “The combination of evasive attacks with code obfuscation techniques significantly enhances the capability of sophisticated hackers to go undetected.”

    Finjan Software Inc.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Sodinokibi Ransomware: Where Attackers' Money Goes
    Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
    Data Privacy Protections for the Most Vulnerable -- Children
    Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    7 Threats & Disruptive Forces Changing the Face of Cybersecurity
    This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
    Flash Poll
    2019 Online Malware and Threats
    2019 Online Malware and Threats
    As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2019-18198
    PUBLISHED: 2019-10-18
    In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
    CVE-2019-18197
    PUBLISHED: 2019-10-18
    In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...
    CVE-2019-4409
    PUBLISHED: 2019-10-18
    HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the entere...
    CVE-2019-13545
    PUBLISHED: 2019-10-18
    In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution.
    CVE-2019-13541
    PUBLISHED: 2019-10-18
    In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code.