News & Commentary
Content posted in September 2007
|
Would You Hire This Hacker?
Convicted hacker Robert Moore started serving his two-year prison sentence yesterday. He has high hopes that a security company will scoop him up when he gets out. The question is: Would you hire this man?
No Excuse: Security Lessons From T.J. MAXX Data Breach
Maybe the company should change its name to T.J. LAX -- lax security practices let the hacked retailer's data breach go from bad to worse to bad beyond belief while nobody did anything to remedy the situation.
Attackers Kill Anti-Fraud Site
Fraudwatchers.org buckles, collapses under weight of month-long denial-of-service attack
iHack With an iPhone
Your iPhone isn't just hot-looking - it's also a potential hacking weapon
Retail Security: No Sale
Despite harsh lessons at TJX and redoubled efforts by credit card companies to push PCI, customer data remains at risk
Bradford Networks' NAC Secures 1M Users
Bradford Networks' NAC secures 1M users during back-to-school rush
Akonix Publishes September IM Threat Report
Akonix's Threat Center tracks 33 IM attacks
CyberDefender Adds Remote Support
CyberDefender debuts new Internet security suites
Your Health Is None of Your Damn Business
Workers at Wyoming hospital reprimanded for breaking HIPAA rules to look at their own health records
Microsofties Check Out Vulnerability Auction Site at Blue Hat
WabiSabiLabi participates in closed-door Microsoft summit of security researchers and Microsoft staff
Hackers Exploit Crisis in Burma
Email links to Dalai Lama's genuine Website, but attachment is malicious
Disaster Recovery: Plan for Recovery, Not for Disaster
So many elements to business IT operations -- so many elements that can get sliced, diced, slammed, flooded, flamed, hacked, attacked, smashed and just plain hammered that your disaster recovery plan has to be universal to be effective.
Is Your Domain Name Safe From Porn Pirates?
Avast. Pirates be boldly thievin' for themselves any toothsome domain name what puts a glint in their good eye. Recall the pair of scurvy dogs who battled for years over the rights to sex.com.
Startup Wins License for Secure Biometrics Token
Technology promises to protect privacy of user whose biometric data is stolen or copied
Comodo Unveils Free Security Tools
Comodo helps consumers stay safe online with new Website visual trust indicator and free desktop security tools
Cybercriminals on Your Doorstep
Latest scams range from legit-looking auction sites to looking you in the eye while they steal your money
Malware Plays Defense
New exploits can tell when they're being sandboxed for analysis
Verizon Business to Host Security Webinar
Experts address strategies for strengthening identity and access management programs
Quantum Secure Launches SAFE Agent
Quantum Secure launches SAFE Agent for Sun Microsystems' Java Identity Manager
Ounce Adds Classic ASP Support
Ounce Labs extends analysis capabilities with support for classic ASP
Survey: Who's Responsible for Compliance?
Polivec study shows growing acceptance of regulatory compliance but disagreement on who's responsible and who pays
Virus, Phishing Rise in Sept.
2nd wave of C-Level targeted attacks with increased sophistication
Video Shows Hack of US Power Grid
A graphic dramatization made for the Department of Homeland Security simulates potential impact of a cyberterrorist attack on utility grids
Getting to the Real Endpoint of Endpoint Security
Endpoint device and access control for small to midsize businesses is itself becoming a big business, with vitually every major security vendor offering device and access control programs tailored -- and increasingly priced -- for the market.
Many Retailers Will Not Make PCI Compliance Deadline
Problems with applications, access management leave credit card processors facing fines - and vulnerabilities
Metasploit Adds iPhone Hacking Tools
Popular pen-test tool now comes with Apple iPhone payloads
Call for Leading Lights Entries
September 28 entry deadline for Light Reading's Leading Lights Awards is coming up!
Trend Micro Unveils TM Internet Security 2008
New Trend Micro Internet Security products strengthen personal information protection and deliver enhanced performance
Hackers Post Names, Credit Card Info on eBay
Auction site says incident is a hack, not a leak
ArcSight Debuts PCI Protection
ArcSight debuts comprehensive, scalable and cost-effective PCI protection solution
Watson SCS Offers Free IT Security Assessment
IBM partner Watson SCS offers complimentary IT security assessment
Uplinkearth Partners With Comodo
Uplinkearth partners with Comodo to provide SSL certificates, such as the newly released EV SSL certificates
Peter Tippett to Keynote Tradeshow
Security pioneer from Verizon Business to keynote at virtual security tradeshow
Brabeion Joins PCI Alliance
Brabeion Software joins PCI Security Vendor Alliance and helps major retailers meet PCI data security standard deadlines
Blue Lane Adds Support for VMware
Blue Lane delivers unmatched protection and network flow visibility for VMware Infrastructure 3 environments
VARs Adopt Consolidated Network Security
VARs adopting consolidated network security solutions as corporate demand escalates
Canadian Government Sheds Light On TJX Breach
Attack was conducted via wireless links at two Miami Marshall's stores, investigation reveals
San Jacinto College Uses Mirage's NAC
San Jacinto College seeks to protect from threats introduced by peer-to-peer file sharing
Virtual Civil Disobedience
Now that n.runs has opened the floodgates by putting its hacking tool back online, who'll step up next?
Cigital Secures Marriott International
Cigital develops data encryption solution for Marriott International
VeriSign Flexes DNS Security Muscle
Internet DNS server host upgrades its infrastructure as DNS attacks continue to hammer the Net
Code Green Launches DLP Appliance
Code Green Networks launches industry's first data loss prevention appliance for small businesses and branch offices
BreakingPoint Unveils Application Traffic Generator
BreakingPoint Systems unveils world's fastest application traffic generator
Former CheckPoint VP Joins Insightix
Bill Lavelle joins Insightix as vice president of sales in the Americas
Apple: Bypassing AT&T Can Break Your iPhone
Trying to use another service could be the death of your favorite new gadget
Mexico City Airport Adds New ID Solution
Mexico City International Airport uses Bioscrypt's identity and access management solution in new state-of-the-art terminal
Sophos Update Blocks Remote Connection Tools
Sophos helps organizations block unauthorized remote connection tools
NeoScale, Bridgehead Announce New Encryption
Combined solution provides enterprise-wide data protection and robust encryption with enterprise key management for hospital data on tape
VeriSign Completes Milestones
VeriSign completes key milestones in initiative to strengthen and diversify global Internet infrastructure
Study: Poor ID, Access Management in UK
New independent survey by Siemens Insight Consulting uncovers security policy lapses in UK business
|
White Papers
Video
3 Comments
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-19279
PUBLISHED: 2018-11-14
PUBLISHED: 2018-11-14
PUBLISHED: 2018-11-14
PUBLISHED: 2018-11-14
PUBLISHED: 2018-11-14
From DHS/US-CERT's National Vulnerability Database CVE-2018-19279
PUBLISHED: 2018-11-14
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater.
CVE-2018-19280PUBLISHED: 2018-11-14
Centreon 3.4.x has XSS via the resource name or macro expression of a poller macro.
CVE-2018-19281PUBLISHED: 2018-11-14
Centreon 3.4.x allows SNMP trap SQL Injection.
CVE-2018-17960PUBLISHED: 2018-11-14
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
CVE-2018-19278PUBLISHED: 2018-11-14
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed lengt...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This