Best Of Web Archive:


Around The Web

H ONLINE
Attackers Exploit DLL Vulnerability In Office And Other Applications
SANS Internet Storm Center says cybercriminals are already exploiting the DLL vulnerability in applications including Microsoft Office, Windows Mail, and uTorrent

THE REGISTER
Apple Kills Jailbreakme Mac Bug
Apple patches more than a dozen vulnerabilities in Mac OS X, including one that was used to jailbreak the company's iPhone. Exploits had already appeared targeting the security issue

COMPUTERWORLD
Google's Chrome Speeds Up Flash Patching Seven-Fold
Google pushes out patches for Adobe's Flash via Chrome's silent update service. The result: A seven-fold increase in patch adoption.

PC WORLD
Microsoft Partners Slow to Patch, Report Says
Third-party application makers patched less than half of the vulnerabilities reported to them in the previous 12 months, according to Microsoft.

BUSINESS WIRE
Tenable Network Security Awarded U.S. Patent for Network Monitoring Technology
The maker of the Nessus vulnerability and network scanner scores a patent on using passive network monitoring to find vulnerable assets.

CNET NEWS.COM
Forcing Vendors To Fix Bugs Under Deadline
Researchers complain that vendors still take their time fixing serious software vulnerabilities, but the firm that runs the Zero-Day Initiative plans to limit that time to six months

BANKINFOSECURITY
10 Tips To Thwart Skimming
It's all about layered security, monitoring, system audits, and education

CIO
Google Squashes Gmail Bug
Google patched a Gmail flaw that caused some users' accounts to resend messages multiple times

WEB APPLICATION SECURITY CONSORTIUM
WASC Threat Classification v2.0 Released

GLOBAL SECURITY MAGAZINE
Record-Breaking 43 Anti-Malware Products Undergo VB100 Certification Testing On Windows 7
Seven products fail to make grade in largest test ever

ABS CBN NEWS
Kaspersky Predicts More iPhone, Android Attacks In 2010

KHQ
Security Breach At Eastern Washington University
More than 130,000 current and former students notified after vulnerability audit revealed potential hack

TECH SHOUT
Facebook And Twitter To Face Emerging Threats In 2010, Says McAfee

GLOBAL SECURITY MAGAZINE
Security Expert Finds Problem With Microsoft's MSN.com
Server error in regional subdomains could lead to attack, expert says

INFOWORLD
Top Security Predictions For 2010
Mobile security issues will worsen; cloud security will expand, pundits say

HELP NET SECURITY
E-Threats Shifting With Current Events
Malware and spam morph to take advantage of provocative news, BitDefender says

COMPUTERWORLD UK
Cybercriminals Pay For Access To Infected UK and US PCs
Bounty offered to those who infect PCs with malware, study says

TECH WORLD
Hackers Not Exploiting Windows Attack Code
SMBv2 bug not a popular target, security experts say

IT SECURITY PORTAL
Badly Configured Routing Compromises Security
Expert offers tips on how to avoid pitfalls that might leave networks vulnerable

MIT NEWS
Securing The Web
New MIT programming tool would automatically plug holes that hackers exploit


Bugs
ENTERPRISE VULNERABILITIES
Vulnerability: ssl-vpn end-point interrogator/installer activex control
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.

Vulnerability: gvim
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Vulnerability: cforms
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.

Vulnerability: links, wsn links, wsn links
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.

Vulnerability: deluxebb
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.


