Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in October 2006
Arxceo, JCI Team
News  |  10/31/2006  | 
Arxceo has completed the integration of its patented technologies, Plug and Protect and Tag-UR-IT into JCI's B-Mobile PHS product
Strato Offers Email Security
News  |  10/31/2006  | 
Strato introduces ServerSide Security, a service to combat spam, phishing, and email viruses
The Web App Security Gap
News  |  10/31/2006  | 
Attacks on applications quickly evolve in intelligence, but most enterprises' Web application security strategies are still stuck in the primordial ooze
MX Logic Issues Report
News  |  10/31/2006  | 
MX Logic announced a 40 percent increase in overall email traffic from July through September
IE7 Feature Goes Buggy
News  |  10/31/2006  | 
If your IE7 browser starts scarfing CPU when you hit Ajax-laden sites, you may need to disable your anti-phishing filter
Secure Computing Targets Spam
News  |  10/31/2006  | 
Secure Computing announced it is waging war against image spam, where spammers hide messages in image files to escape detection
Not Your Grandpa's Microsoft
News  |  10/30/2006  | 
Think you're being smart by waiting for Vista's SP 2? Think again
The Vista-Forefront Security Two-Step
News  |  10/30/2006  | 
Legacy apps - Microsoft and non-Microsoft - may not get Forefront and Vista security, security experts say
Criminals in the Call Center?
News  |  10/30/2006  | 
New reports say call center employees could be leaking personal customer information
Vernier, Kanematsu Partner
News  |  10/30/2006  | 
Kanematsu Electronics has selected Vernier's EdgeWall product family for its Network Access Control (NAC) solution
MySpace Under Siege
News  |  10/30/2006  | 
A weekend phishing attack and more XSS zero-day proof-of-concept code are testing the social networking site's security mettle
HSPD-12's Toothless Deadline
News  |  10/27/2006  | 
US federal government's mandate for physical and logical security plagued by confusion, lack of funding
Don't Blame the Browser
News  |  10/27/2006  | 
Not all Web bugs are in the browser - sometimes they're the result of the way the browser interacts with other apps
Mending Holes in the Blogosphere
News  |  10/27/2006  | 
Free Vox blogging service controls JavaScript, lets bloggers set privacy controls
A Public Snort
News  |  10/26/2006  | 
Sourcefire, maker of the popular open-source Snort security tool, files for an IPO
Sophos Extends Control
News  |  10/26/2006  | 
Sophos announced the ability to control employee use of distributed computing applications on corporate networks
New Browsers, New Bugs
News  |  10/25/2006  | 
Two have already been reported in the new Internet Explorer 7. Will Firefox 2.0 face the same fate?
'Crimeware' Defined
News  |  10/25/2006  | 
Anti-Phishing Working Group and Department of Homeland Security explain most prevalent forms of online attacks
MySpace Hacker: Fix Is Flawed
News  |  10/25/2006  | 
The researcher who published proof-of-concept code of a MySpace flaw explains why he developed it - and why MySpace's fix might not hold
Symantec Reports Q2
News  |  10/25/2006  | 
Symantec reported results for the second quarter of fiscal year 2007
Outpost Firewall Scores High
News  |  10/25/2006  | 
Outpost Firewall Pro 4.0 from Agnitum is the software firewall best able to defend itself from direct and brutal attacks
SurfControl Unveils Products
News  |  10/24/2006  | 
SurfControl's new set of product offerings enable customers to achieve greater levels of protection, flexibility and customization
It's the People, Stupid
News  |  10/24/2006  | 
After years of investing in technology, IT security departments are putting more effort - and dollars - in people and processes, study says
Zero Day Flaw Found in MySpace
News  |  10/24/2006  | 
A variant of an XSS vulnerability opens the door for worms, phishing, and port scans via the popular social networking site
Mutating Email Bugs Swarm
News  |  10/23/2006  | 
New variants of two old email-borne exploits illustrate how today's messaging bugs are becoming harder to kill
Webmail is Rife, & Risky
News  |  10/23/2006  | 
Survey says companies allow staff to access personal Web-based email accounts at work
Microsoft Promises Open Email Security
News  |  10/23/2006  | 
Microsoft pulled its Sender ID email authentication protocol under its OSP program to promote development of the once-controversial spec
Metasploit to Go Wireless
News  |  10/23/2006  | 
Wireless device-driver software set to emerge as the next big petri dish for exploits, attacks
JavaScript Malware Strikes Firewalls
News  |  10/23/2006  | 
It's a security hole no one knows how to fix, except by degrading Web browsing to little more than a text-based experience
WhiteHat Debuts Sentinel 3.0
News  |  10/23/2006  | 
WhiteHat Security announced WhiteHat Sentinel 3.0, the only continuous vulnerability assessment, management service for Websites
Consentry Secures LAN
News  |  10/23/2006  | 
ConSentry Networks announced today that Canaras Capital Management has purchased ConSentry's LANShield Switch
Reconnex Adds Capabilities
News  |  10/23/2006  | 
Reconnex adds new capabilities for protecting intellectual property and private data before, during, and after exposure
Database Threat Intensifies
News  |  10/20/2006  | 
Attackers are pulling out the stops to break into Oracle databases
Spammers Turn the Tables Again
News  |  10/20/2006  | 
SpamThru trojan pirates AV software, encrypts it, then uses P2P to keep sophisticated botnet alive
Just When You Thought It Was Safe
News  |  10/19/2006  | 
Think those old security problems are all solved? Dark Reading's 'Ten Most Dangerous Things Users Do Online' may make you think again
Phishers' Catch: Better Than Expected
News  |  10/19/2006  | 
A new study from the University of Indiana indicates that phishers are more successful at catching users than most industry estimates suggest
ISPs Plan Security Push
News  |  10/18/2006  | 
New opportunities, public criticism drive service providers to develop more comprehensive security services
Viruses Without Borders
News  |  10/18/2006  | 
Hackers test a new generation of malware that attacks multiple platforms simultaneously
Trojan Poses as IE7 Download
News  |  10/18/2006  | 
Spoofed email contains link to trojan downloader disguised as a link to Internet Explorer upgrade
AirGuard Intros Antidote
News  |  10/18/2006  | 
Airwide Solutions unveiled an antidote for the new and growing epidemic of mobile messaging threats
ScanSafe Releases Report
News  |  10/18/2006  | 
ScanSafe released its latest Global Threat Report on Web filtering, spyware, and viruses
Malware: The Undead
News  |  10/17/2006  | 
Thanks to cache servers, some malicious code lives on - even after it has supposedly been eradicated
CSRF Vulnerability: A 'Sleeping Giant'
News  |  10/17/2006  | 
A mostly unknown Web vulnerability called Cross-Site Request Forgery could be the next attack vector on your Website
Cybercrime: Better Than Drugs
News  |  10/16/2006  | 
Cybercrime is becoming even more lucrative than the drug trade - and even operates on a similar model, says one researcher
Attacks on Consumers Intensify
News  |  10/16/2006  | 
Attackers are no longer waiting to steal data coming out of your computer - they're going in and taking it
PreEmptive Adds Partners
News  |  10/16/2006  | 
PreEmptive Solutions' Entrepreneur Program expands to include over 60 companies in its first four months
Power Pay
News  |  10/13/2006  | 
As the 2006 holiday season looms, retailers consider bypassing credit cards in favor of more secure online payment options
AV Vendors Need Not Fear Microsoft
News  |  10/13/2006  | 
That from an ex-Microsoft security manager who says Redmond's antivirus moves will mostly help, not hinder, the market
A-Listing Your Apps
News  |  10/12/2006  | 
Enterprises enlist app whitelisting to combat malware and unauthorized tools, but the approach has a dark side
Google Searchers Find Malware
News  |  10/12/2006  | 
Hackers create a lookalike Google Italy site and lure users to download malicious apps