Advertise

News & Commentary

Content posted in December 2005

View Content By Month

Let's Make 2006 The Year We Wipe Out Spam

Commentary | 12/30/2005 |

Post a comment

We don't care about spam anymore, and that's wrong. Spam is a crime highway that runs straight through your computer, carrying a cargo of worms, fraud, viruses and other attacks. Security vendor Sophos reported that attacks jumped 48% in the first 11 months of 2005. The most dangerous threats were spam-distributed. Spam has direct financial costs, as network managers are required to spend money on software and

The Perfect Going-Away Gift From 2005: More Consumer Data Breaches

Commentary | 12/29/2005 |

Post a comment

Any doubt that 2005 would be known as the unofficial Year of Lost Consumer Data was swept away in the past week by news of two data compromises that cast a pall over the holidays. First, acting on a tip from a reader, InformationWeek's Larry Greenemeier verified that the Department of Justice, the very agency charged with combating identity theft, had inadvertently exposed on its Web site social security numbers

Social Security Numbers On The Justice Department's Web Site Could Lead To Identity Theft

Commentary | 12/23/2005 |

Post a comment

I know a little something about identity theft, having spent the past four months trying to convince my bank that nearly $800 in purchases at Toy 'R' Us allegedly made using my Visa debit card were fraudulent. So when I opened an E-mail Monday morning that described an InformationWeek reader's efforts to alert the Justice Department that its Web site was revealing Social Security numbers on court docum

Homeland Insecurity

Commentary | 12/19/2005 |

Post a comment

It's interesting that our government is so concerned about homeland security that it does not mind bypassing secret courts to even more secretly eavesdrop on citizens, and yet it cannot seem to find the time, energy, and/or dollars to successfully bring its own agencies up to snuff security-wise.

Security Is Not Insurance

Commentary | 12/14/2005 |

Post a comment

What's the hardest part of a chief security officer's job? Evaluating new technologies? Establishing policies for users to follow? Actually, it's more political than that, Jim Routh, chief security officer of Depository Trust & Clearing Corp., said during an Interop presentation Tuesday. "The hardest part of a CSO's job is influencing information security and practices that will be implemented throughout an organization," he said. "It's a delicate process, particularly when you're asking an IT o

View Content by Month

[close this box]

Hot Topics

Editors' Choice

More Than Half of Users Reuse Passwords

Curtis Franklin Jr., Senior Editor at Dark Reading, 5/24/2018

Is Threat Intelligence Garbage?

Chris McDaniels, Chief Information Security Officer of Mosaic451, 5/23/2018

Pet Tracker Flaws Expose Pets and Their Owners to Cybercrime

Dark Reading Staff 5/22/2018

Webinars

Learn About Cyber Attackers & How They Target Your Organization

Threat Intelligence: Where to Start & What to Ask

Cyber Threats to ICS, Are You Ready?

Webinar Archives

White Papers

Phishing Attack Bypasses Two-Factor Authentication

Unstructured Data Risk Assessment

KPRs for Remote Support

Phishing Response Trends: It's a Cluster

5 Phishing Predictions

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

The Changing Role of the CISO

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

[Strategic Security Report] Navigating the Threat Intelligence Maze

Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.

Download Now!

[Strategic Security Report] Cloud Security's Changing Landscape

0 comments

The State of Ransomware

0 comments

The Dark Reading Security Spending Survey

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-11505
PUBLISHED: 2018-05-26

The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.

CVE-2018-6409
PUBLISHED: 2018-05-26

An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.

CVE-2018-6410
PUBLISHED: 2018-05-26

An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.

CVE-2018-6411
PUBLISHED: 2018-05-26

An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.

CVE-2018-11500
PUBLISHED: 2018-05-26

An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.

Terms of Service
Privacy Statement
Legal Entities