News & Commentary
Content posted in September 2007
|
Would You Hire This Hacker?
Convicted hacker Robert Moore started serving his two-year prison sentence yesterday. He has high hopes that a security company will scoop him up when he gets out. The question is: Would you hire this man?
No Excuse: Security Lessons From T.J. MAXX Data Breach
Maybe the company should change its name to T.J. LAX -- lax security practices let the hacked retailer's data breach go from bad to worse to bad beyond belief while nobody did anything to remedy the situation.
Attackers Kill Anti-Fraud Site
Fraudwatchers.org buckles, collapses under weight of month-long denial-of-service attack
iHack With an iPhone
Your iPhone isn't just hot-looking - it's also a potential hacking weapon
Retail Security: No Sale
Despite harsh lessons at TJX and redoubled efforts by credit card companies to push PCI, customer data remains at risk
Bradford Networks' NAC Secures 1M Users
Bradford Networks' NAC secures 1M users during back-to-school rush
Akonix Publishes September IM Threat Report
Akonix's Threat Center tracks 33 IM attacks
CyberDefender Adds Remote Support
CyberDefender debuts new Internet security suites
Your Health Is None of Your Damn Business
Workers at Wyoming hospital reprimanded for breaking HIPAA rules to look at their own health records
Microsofties Check Out Vulnerability Auction Site at Blue Hat
WabiSabiLabi participates in closed-door Microsoft summit of security researchers and Microsoft staff
Hackers Exploit Crisis in Burma
Email links to Dalai Lama's genuine Website, but attachment is malicious
Disaster Recovery: Plan for Recovery, Not for Disaster
So many elements to business IT operations -- so many elements that can get sliced, diced, slammed, flooded, flamed, hacked, attacked, smashed and just plain hammered that your disaster recovery plan has to be universal to be effective.
Is Your Domain Name Safe From Porn Pirates?
Avast. Pirates be boldly thievin' for themselves any toothsome domain name what puts a glint in their good eye. Recall the pair of scurvy dogs who battled for years over the rights to sex.com.
Startup Wins License for Secure Biometrics Token
Technology promises to protect privacy of user whose biometric data is stolen or copied
Comodo Unveils Free Security Tools
Comodo helps consumers stay safe online with new Website visual trust indicator and free desktop security tools
Cybercriminals on Your Doorstep
Latest scams range from legit-looking auction sites to looking you in the eye while they steal your money
Malware Plays Defense
New exploits can tell when they're being sandboxed for analysis
Verizon Business to Host Security Webinar
Experts address strategies for strengthening identity and access management programs
Quantum Secure Launches SAFE Agent
Quantum Secure launches SAFE Agent for Sun Microsystems' Java Identity Manager
Ounce Adds Classic ASP Support
Ounce Labs extends analysis capabilities with support for classic ASP
Survey: Who's Responsible for Compliance?
Polivec study shows growing acceptance of regulatory compliance but disagreement on who's responsible and who pays
Virus, Phishing Rise in Sept.
2nd wave of C-Level targeted attacks with increased sophistication
Video Shows Hack of US Power Grid
A graphic dramatization made for the Department of Homeland Security simulates potential impact of a cyberterrorist attack on utility grids
Getting to the Real Endpoint of Endpoint Security
Endpoint device and access control for small to midsize businesses is itself becoming a big business, with vitually every major security vendor offering device and access control programs tailored -- and increasingly priced -- for the market.
Many Retailers Will Not Make PCI Compliance Deadline
Problems with applications, access management leave credit card processors facing fines - and vulnerabilities
Metasploit Adds iPhone Hacking Tools
Popular pen-test tool now comes with Apple iPhone payloads
Call for Leading Lights Entries
September 28 entry deadline for Light Reading's Leading Lights Awards is coming up!
Trend Micro Unveils TM Internet Security 2008
New Trend Micro Internet Security products strengthen personal information protection and deliver enhanced performance
Hackers Post Names, Credit Card Info on eBay
Auction site says incident is a hack, not a leak
ArcSight Debuts PCI Protection
ArcSight debuts comprehensive, scalable and cost-effective PCI protection solution
Watson SCS Offers Free IT Security Assessment
IBM partner Watson SCS offers complimentary IT security assessment
Uplinkearth Partners With Comodo
Uplinkearth partners with Comodo to provide SSL certificates, such as the newly released EV SSL certificates
Peter Tippett to Keynote Tradeshow
Security pioneer from Verizon Business to keynote at virtual security tradeshow
Brabeion Joins PCI Alliance
Brabeion Software joins PCI Security Vendor Alliance and helps major retailers meet PCI data security standard deadlines
Blue Lane Adds Support for VMware
Blue Lane delivers unmatched protection and network flow visibility for VMware Infrastructure 3 environments
VARs Adopt Consolidated Network Security
VARs adopting consolidated network security solutions as corporate demand escalates
Canadian Government Sheds Light On TJX Breach
Attack was conducted via wireless links at two Miami Marshall's stores, investigation reveals
San Jacinto College Uses Mirage's NAC
San Jacinto College seeks to protect from threats introduced by peer-to-peer file sharing
Virtual Civil Disobedience
Now that n.runs has opened the floodgates by putting its hacking tool back online, who'll step up next?
Cigital Secures Marriott International
Cigital develops data encryption solution for Marriott International
VeriSign Flexes DNS Security Muscle
Internet DNS server host upgrades its infrastructure as DNS attacks continue to hammer the Net
Code Green Launches DLP Appliance
Code Green Networks launches industry's first data loss prevention appliance for small businesses and branch offices
BreakingPoint Unveils Application Traffic Generator
BreakingPoint Systems unveils world's fastest application traffic generator
Former CheckPoint VP Joins Insightix
Bill Lavelle joins Insightix as vice president of sales in the Americas
Apple: Bypassing AT&T Can Break Your iPhone
Trying to use another service could be the death of your favorite new gadget
Mexico City Airport Adds New ID Solution
Mexico City International Airport uses Bioscrypt's identity and access management solution in new state-of-the-art terminal
Sophos Update Blocks Remote Connection Tools
Sophos helps organizations block unauthorized remote connection tools
NeoScale, Bridgehead Announce New Encryption
Combined solution provides enterprise-wide data protection and robust encryption with enterprise key management for hospital data on tape
VeriSign Completes Milestones
VeriSign completes key milestones in initiative to strengthen and diversify global Internet infrastructure
Study: Poor ID, Access Management in UK
New independent survey by Siemens Insight Consulting uncovers security policy lapses in UK business
|
White Papers
Video
0 Comments
Current Issue
Flash Poll
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2011-2765
PUBLISHED: 2018-08-20
PUBLISHED: 2018-08-20
PUBLISHED: 2018-08-20
PUBLISHED: 2018-08-20
PUBLISHED: 2018-08-20
From DHS/US-CERT's National Vulnerability Database CVE-2011-2765
PUBLISHED: 2018-08-20
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
CVE-2018-15594PUBLISHED: 2018-08-20
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
CVE-2018-15572PUBLISHED: 2018-08-20
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
CVE-2018-15573PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf...
CVE-2018-15574PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This