News & Commentary
Content posted in May 2007
|
Why Catching The 'Spam King' Won't Save Your In-Box
Even if a judge and jury lock up Robert Alan Soloway for the rest of his natural born life, your in-box will still be inundated with tons of offers for HGH, porn, and penny stocks.
Guerrilla Storage
Hackers could use your computers to house their data, Symantec researchers say
Spamless in Seattle
My spam filter didn't get the memo
Beware of the Quiet Ones
Vulnerability report for '06 shows XSS still number one, but lesser-known bugs making inroads
Compromised Site Causes Trouble
Malicious Java Script makes user's browser download, execute Trojan
How to Stop Political Attacks
Experts advise users on how to defend themselves against cyber-terrorism, cyber wars, and hacktivism
BeCrypt to Talk Securing Workers
BeCrypt will be debuting its latest product Trusted Client in the US at the Gartner IT Security Summit
Monty Python's Flying Backup
If all vendors' presentations were this funny, we'd invite them over more often
Finjan CTO to List Web Threats
Finjan CTO to list latest Web threats at Gartner IT Security Summit
UPMC Taps TriCipher
Medical center taps TriCipher to protect patient health information
CDW Readies for Buyout
Tentative agreement to sell out to private equity firm will open 30-day bidding process
Securify Adds Identity-Based Discovery
Securify announced general availability of the next version of its identity-aware monitoring solution
AppGate Supports Windows Mobile 6
AppGate provides a truly mobile solution that enables users of mobile devices to securely access all resources inside an internal network
Bug Disclosures Decline
The rate of vulnerabilities disclosed publicly has dropped drastically so far this year, but don't exhale yet
SecureMac Rolls Anti-Spyware Tool
SecureMac released MacScan 2.4.1, the latest version of the company's industry leading anti-spyware package for Macintosh computers
Data Security: You're Not Learning From Others' Mistakes
As I was catching up on some e-mail last night, I came across a message that's become all too familiar to me. It was textbook: A company was apologizing that one of its laptops had been stolen and that the laptop contained customer account and credit card information. A real yawner, until I considered that this e-mail was delivered to my personal e-mail account and that it was my customer account and credit card info that may have been compromised. Companies just aren't getting the messag
TSCP Chooses CertiPath
TSCP selects CertiPath to manage joint public- and private-sector alliance
VeriSign's CEO Signs Off
Analysts say company could get fresh start as Sclavos walks after 12-year tenure
New Laws Don't Solve Global Problems
US, Germany advance legislation against spyware, spam - but can't do much to stop foreign exploits
Security With a Native Touch
Outsourcing overseas is a great idea, as long as a native-born local can bridge the cultural - and legal - gaps
Study: 80% Plan Network-Based NAC
Eighty percent plan to enforce NAC in the network, says Infonetics in new study
VeriSign CEO Steps Down
VeriSign said Tuesday Chief Executive and director Stratton D. Sclavos stepped down from his positions for undisclosed reasons
KACE, GuardianEdge Integrate Platforms
KACE and GuardianEdge announce integration between KBOX family of appliances and GuardianEdge data protection platform
Akonix Intros IM Security Appliance
Akonix addresses instant messaging security and compliance concerns of smaller businesses
Cryptomathic Intros Key Management System
Cryptomathic launched a Key Management System that enables organizations to manage the lifecycle of cryptographic keys using a central approach
FlexiSPY Spills BlackBerry Secrets
Vervata has released new versions of its controversial FlexiSPY mobile phone spy software
GFI Releases PCI Compliance White Paper
GFI has launched a white paper to explain what the PCI DSS are, how they affect different companies, and the repercussions of non-compliance
Webroot Cautions Online Betters
Webroot Software advises caution for online betters during Epsom Derby
New Security Suite on a USB Stick
Yoggie revolutionizes computer security by launching the world's first full security suite on a USB stick
Fed Workers Still in the Dark
Despite completing awareness courses, majority of government workers say they've never heard of key guidelines
Blogging With Security
Common sense - and a mind for what's fit for public consumption - should be your guideposts
Users' Most Hated Sales Pitches
What ticks you off about security vendors' sales pitches? Exasperated customers offer their un-favorites
Microsoft Takes Aim at Endpoint
Microsoft says Network Access Protection (NAP), SSL VPN gateway will play nicely together
Wireless: Fix, Not Flaw
New applications help WiFi shed its image as enterprises' biggest network vulnerability
Vegas BBQ -- Burn, PC, Burn
Picture a beautiful sunset over the desert, the glow of the Vegas skyline in the distance. Then a towering wave of flames leap into the air that crackles with the heat -- a man just set his computer on fire.
CryptoCard to Hold Workshop
CryptoCard's 'It Takes More Than Technology' reseller workshop explains that technology alone cannot solve real business security issues
NAC Vendors in the Hot Seat
Cisco, Microsoft shared the dais, and their thoughts on NAC, here yesterday at Interop
SophosLabs Launches 24-Hour Blog
Sophos announced the launch of a new security blog designed to provide breaking news, insight, and commentary on emerging security threats
Spooks in the Booth
You never know who you'll see at Interop Las Vegas - even a certain spy agency
At Interop, Security Talk Is Largely About Network Access Control
Here at Interop, there's a lot of focus on security and a lot of that security attention is aimed right at network access control. It's a hot-button topic here. The question plaguing many IT and security managers, though, might be where to get started.
New Spec Could Cut Phishing, Spam
IETF approves email signature standard pioneered by Yahoo!, Cisco
StillSecure Bets on Embedded Security
Cobia platform spurs debate over 'open source'
Check Point Protects Minnesota
State of Minnesota selects Check Point's data security solutions to protect sensitive data
Open Source Pitfalls
Innovation abounds with open source, but some code gets left behind on a virtual compost heap
Identity Engines Upgrades, Partners
Identity Engines harnesses user, posture, and policy in end-to-end 802.1X solution; industry standard now integrated with Ignition Server
SonicWall Unveils Security App
SonicWall unveiled the SonicWall Network Security Appliance (NSA) E7500
Startup to Ship Sweetened Honeypot
New, real-time, AI-based forensics appliance uses virtualized honeypot technology and interfaces with IDS/IPSes
Cisco, EMC Team on Fabric Encryption
Cisco unveils plans for switch fabric encryption, skeptical users may take some convincing
RTTS, SPI Dynamics Join Forces
RTTS announced its new strategic partnership with SPI Dynamics
Spyware Hides in Plain Sight
Those innocuous little toolbars could be leaking your corporate data
|
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "The one you have not seen, won't be remembered".
Latest Comment: "The one you have not seen, won't be remembered".
Current Issue
Flash Poll
![[Strategic Security Report] Navigating the Threat Intelligence Maze](https://dsimg.ubm-us.net/asset/393933/543593/DR_ThreatConnect_Report.png)
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2017-9317
PUBLISHED: 2018-05-23
PUBLISHED: 2018-05-23
PUBLISHED: 2018-05-23
PUBLISHED: 2018-05-23
PUBLISHED: 2018-05-23
From DHS/US-CERT's National Vulnerability Database CVE-2017-9317
PUBLISHED: 2018-05-23
Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.
CVE-2018-1193PUBLISHED: 2018-05-23
Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.
CVE-2018-1122PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
CVE-2018-1123PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
CVE-2018-1125PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This