Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in January 2008
Fortify Offers States Analysis
News  |  1/31/2008  | 
Secretaries of State are offered free source code analyzer to ensure security of state-owned electronic voting systems
Malware for Windows Is Widespread
News  |  1/31/2008  | 
BitDefender Lab's top 10 malware list for January reveals domination of malware exploiting Microsoft Windows Graphics
Spyware Threat Isn't Dead, Experts Say
News  |  1/31/2008  | 
Traditional spyware attacks being replaced by more clandestine, malware-style deployments
Startup Aims for Meatier Signatures
News  |  1/31/2008  | 
New technology promises more visibility into threats, fewer false positives
Stopping Google Blog Spam
News  |  1/31/2008  | 
Removing spam from your Google blog - in seven 'easy' steps
90% of Facebook Apps Have Unnecessary Access to Private Data
Quick Hits  |  1/31/2008  | 
Researcher is building a prototype to protect users' privacy from Facebook 'widgets'
Lumension Rolls Out Security Configuration
News  |  1/30/2008  | 
Lumension Security unveils new configuration management to help organizations streamline compliance, improve posture, and reduce costs
MessageLabs Releases Jan. Spam Report
News  |  1/30/2008  | 
MessageLabs intelligence: spammers exploit new year diffidence - financial uncertainties and personal insecurities
Paper Outlines Methods for Beating Anonymity Technology
News  |  1/30/2008  | 
University professor postulates multiple methods for collecting data on 'anonymous' users
'L0pht' Reunion on Tap
News  |  1/30/2008  | 
Famed and controversial '90s hacker group plans on-stage get-together in March in Boston
Real Estate Investment Trusts Deploys NAC
News  |  1/30/2008  | 
One of the nation's largest real estate investment trusts deploys Mirage Networks to protect against zero-day threats
IR for the Enterprise
News  |  1/30/2008  | 
Mandiant's new incident response appliance carries a big price tag, but comes with heavy-duty features
11 Truths We Hate to Admit
News  |  1/30/2008  | 
To get better, we need to admit we have a few problems
Real Men Don't Fear the Web
Quick Hits  |  1/30/2008  | 
Study reveals 'macho factor' in online security as many males express overconfidence in their system integrity
Researchers Expose 'Stupid Phisher Tricks'
News  |  1/29/2008  | 
Researchers discover that phishers aren't so good at covering their tracks and protecting their 'booty'
Researchers, Vendors Gear Up for Whaling Attacks
News  |  1/29/2008  | 
Increasingly sophisticated phishing exploits target top executives, wealthy end-users
Barracuda Responds to Trend Micro Lawsuit
News  |  1/29/2008  | 
Barracuda Networks defends free and open source software from patent threat by Trend Micro
Akonix: IM Threats More Sophisticated
News  |  1/29/2008  | 
Akonix issues warnings on trends in instant messaging threat activity; publishes January IM threat report
One-Fourth of iPhones Hacked to Bypass AT&T
Quick Hits  |  1/29/2008  | 
Analyst estimates that 1 million iPhones have been 'unlocked'
Klocwork Rolls Out Insight
News  |  1/28/2008  | 
Klocwork Insight delivers innovative, patent-pending technology to empower the developer community
IronPort Upgrades Email Security Appliance
News  |  1/28/2008  | 
IronPort eases messaging administrator's workload with advanced M-Series security management appliance
Exploit Could Taint Forensics
News  |  1/28/2008  | 
Cross-site request forgery (CSRF) attack could falsely implicate an innocent user
Societe Generale: How Did It Happen?
News  |  1/28/2008  | 
Investigation continues as French bank and others try to figure out how a junior trader lost $7B
Metasploit Gets User-Friendlier
News  |  1/28/2008  | 
Version 3.1 of the popular open hacking tool is available
FaceTime Discovers DIY Phishing Kit
News  |  1/28/2008  | 
FaceTime Security researchers expose 'do-it-yourself' phishing generator for hacking Webmail and social networking sites
Medical Clinic Goes NAC
News  |  1/28/2008  | 
Cooper Clinic secured via managed network access control deployment
Enterprises Rolling on Logs
Quick Hits  |  1/28/2008  | 
Once seen as a necessary evil, security logs are now becoming an everyday data source, survey says
Hackers Attack Scientology
Quick Hits  |  1/25/2008  | 
"Anonymous" group launches denial of service attacks on church sites in retribution for YouTube's withdrawal of Cruise video clip
Attackers Abuse Google Blogger
News  |  1/25/2008  | 
Blogger is flooded with phony blogs - including some that inject malware
University Nixes Cisco NAC for ConSentry's
News  |  1/25/2008  | 
Failed NAC installation led Fayetteville State University to go with a Cisco competitor for NAC and switching
Interview With a Web App Security Pro
News  |  1/24/2008  | 
If you're looking to hire a good Web application security expert, be sure you're asking the right questions
Feds Say 'Adios' to Admin Rights on Windows
News  |  1/24/2008  | 
The Federal Desktop Core Configuration mandate for Windows XP and Vista clients goes into effect on February 1
SecureMac Intros MacScan Family Pack
News  |  1/24/2008  | 
Anti-spyware software protects up to 3 computers on a home network
Microsoft: Vista Has Fewer Flaws Than Other First-Year OSes
News  |  1/23/2008  | 
Vista logged fewer vulnerabilities in its first year than XP, Red Hat, Ubuntu, and Apple Mac OS X did in their first years
Most Malware Now Comes From Legitimate Sites
Quick Hits  |  1/23/2008  | 
Biggest danger is no longer purpose-built malicious sites, but legit sites that are unwittingly distributing dangerous code
Keeping an Eye on the Weakest Link
News  |  1/23/2008  | 
Beware the vulnerabilities you create when you merge new units or acquisitions into your corporate network
Packet Analytics Launches Net/FSE
News  |  1/22/2008  | 
Packet Analytics launches Net/FSE, free downloadable network forensic search engine
BullGuard Offers Free Spam Filter
News  |  1/22/2008  | 
BullGuard declares war on spam with free Spamfilter
'Drive-By Pharming' Now a Reality, Researchers Say
News  |  1/22/2008  | 
Theoretical exploit that allows attackers to hijack DNS servers and routers has been spotted in the wild, Symantec says
FireEye Appoints 2 Execs
News  |  1/22/2008  | 
FireEye attracts 2 of the industry's most renowned security experts and technologists
New VOIP 'Call-Jacking' Hack Unleashed
News  |  1/22/2008  | 
Researchers release proof-of-concept for advanced phishing and stealing VOIP calls
SonicWall Aventail E-Class Gets Enhanced AV
News  |  1/22/2008  | 
SonicWall Aventail E Class remote access solution to offer enhanced integration with antivirus protection
Hacking Wireless Headsets
News  |  1/22/2008  | 
Those cool wireless headsets keep your hands free - and give hackers the ability to eavesdrop on your conversations
V.i. Labs Enhances CodeArmor
News  |  1/22/2008  | 
V.i. Labs unveils enhancements to CodeArmor for enterprise organizations and software vendors
Fortinet Warns Mobile Users of Worm
News  |  1/22/2008  | 
The FortiGuard Global Security Research Team discovered a new SymbianOS Worm actively spreading on various mobile phone networks
Criminal Gangs Hit Macs for 1st Time
News  |  1/21/2008  | 
New Sophos security report reveals cybercriminals moving beyond Microsoft
Panda Security Rolls Out Anti-Fraud Service
News  |  1/21/2008  | 
Panda Security uses 'collective intelligence' to stop online frauds with availability of Panda Security for internet transactions
A 'Swift' Kick to the Secure Development Process
News  |  1/18/2008  | 
New system makes it easier to write secure, robust, and high-performance Web applications
Tech Insight: Incident Response
News  |  1/18/2008  | 
IR tools speed up response time to a security breach and help minimize the damage
Los Alamos Labs Vets Launch Forensics Company
News  |  1/18/2008  | 
Startup Packet Analytics, founded by former DOE lab security analysts, to launch company, product on Tuesday