Dark Reading
Protect The Business - Enable Access
CISO GUIDE: FISMA Compliance
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
EBOOK: 7 Truths of IT Governance
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
BUYERS GUIDE: Endpoint Protection
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
All Security Administration/Management Stories
Trend Micro Pioneers Integration Of Data-Loss Prevention (DLP) Across The Enterprise
Trend Micro Control Manager provides central management that's newly integrated for both data and threat protection
Intel Introduces Cloud-Based Identity Solution For Salesforce And Other Cloud Applications
Solution will help enterprise users utilize their Salesforce credentials to access popular cloud applications
Execs To Study Cyber Security In New NYU-Poly Master's Degree Track
Curriculum covers fundamentals of information security management
Poorly Managed Firewall Rule Sets Will Flag An Audit
Auditors and compliance managers alike are depending on firewall management principles and tools to cut through the complexity
Lookingglass Announces New Cyber Threat Alert And Warning Capability, CyberHUD
CyberHUD monitors global networks for resiliency, threats, malware, routing hijacks and malicious actor’s tools, tactics, and procedures
NetAuthority Launches, Radically Transforming Device Authentication
Company positioned to solve challenges associated with mass adoption of strong authentication solutions
Varonis Research Uncovers What IT Security Wants Most From Big Data
More than two-thirds of those surveyed think Big Data should be a strategic priority
Security Leaders Urged To Take Action, Responsibility
Talk is no longer enough for IT security pros, keynote speakers say at ISSA-LA conference
Infoglide And BusinessForensics Partner For Fraud, Risk Management Solutions
Infoglide’s Identity Resolution Engine software will enhance capabilities across BusinessForensic’s suite of fraud detection and risk management products
Viewfinity Releases Next-Gen Privilege Management Software
Viewfinity Privilege Management 4.0 automatically sets policies for rights and privileges
Information Services Group Joins Cloud Security Alliance
ISG will align services to best practice frameworks, contribute to definition of standards
Identropy Sets Its Sights On The Emerging IDaaS Market
Expands management team
Trend Micro Plug-In Makes It Easy For Companies Using Apache CloudStack To Encrypt And Protect Their Cloud Data
SecureCloud plug-in for Apache CloudStack is a small module that automates process of synchronizing cloud assets into SecureCloud
HP Moves HP Cloud Services To Public Beta
HP Cloud Compute, HP Cloud Object Storage, and HP Cloud Content Delivery Network, will be offered through a pay-as-you-go model
Trend Micro Reports First Quarter Results
Posts consolidated net sales of US $284 million
New .secure Internet Domain On Tap
'Safe neighborhood' top-level domain will require SSL, DNSSEC, and other security measures for websites
3LM Expands Android Operating System Support; Introduces Security And Management For Apple's iOS Platform
Version 3.0 extends 3LM's Mobile Device and Application Management (MDAM) support
Symplified Introduces Identity As A Service Platform For Cloud Service Providers
Symplified StructureT enables cloud service providers to seamlessly integrate identity and access management capabilities across their suite of cloud services
NetIQ Minimizes Risk Of Unauthorized Access And Entitlement Creep
Access Governance Suite 6 delivers access recertification, job role management, automated access request management
New Panda Cloud Office Protection 6.0
New Malware Freezer quarantines detected malware for a week
eIQnetworks Unveils IT Security Solution To Strike Back Against Cyber Attacks
ForensicVue enables complex correlation and forensic searches
McAfee Introduces Network Security Platform
Updated Network Security Platform capable of scaling up to 80 Gbps
Ixia To Acquire Network Visibility Company, Anue Systems, For $145M
Anue’s Optimizer solutions help service providers and large enterprises aggregate and filter network traffic
IBM Profiles The New CSO, Security Exec
Infosec leaders say their role in the business is maturing, with roughly three-fourths now doing more than just responding to breaches and handling compliance, a new survey reveals
Slide Show: Security Gets Graphic
Notice that security companies have started producing a lot of infographics? We sure have. Here's a selection
Tech Centers
How To Detect And Root Out Sophisticated Malware
Are You A Human Confirms Man Or Machine With Games
State Of Utah Fires Tech Director Over Breach
MORE KEYHOLE
Featured Webcasts
- Unlock the Value of Your Business Data: IBM's Integration Solution for .NET Environments
- SMB Server Guide: Meeting Email, Virtualization, and Business Application Challenges
- Why Bad Guys Write Malware– And What You Can Do About It
- Data Protection and Microsoft Office 365: How Proofpoint Addresses Concerns of the Distributed Enterprise
- Techniques for Next-Gen Data Protection using Next-Gen Computing
Featured Whitepapers
Featured Reports
ENTERPRISE VULNERABILITIES
Vulnerability:ssl-vpn end-point interrogator/installer activex control
Published:2010-11-03
Severity:High
Description:Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
Published:2010-11-03
Severity:High
Description:Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.
Vulnerability:gvim
Published:2010-11-03
Severity:High
Description:Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Published:2010-11-03
Severity:High
Description:Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Vulnerability:cforms
Published:2010-11-03
Severity:Medium
Description:Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Published:2010-11-03
Severity:Medium
Description:Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Vulnerability:links, wsn links, wsn links
Published:2010-11-03
Severity:High
Description:Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Published:2010-11-03
Severity:High
Description:Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Vulnerability:deluxebb
Published:2010-11-03
Severity:Medium
Description:SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
Published:2010-11-03
Severity:Medium
Description:SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
|
