Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in October 2006
BT Launches Zombie-Quasher
News  |  10/12/2006  | 
BT has launched an automated system to track down and tackle professional spammers and 'botnet'-infected customers
GFI Intros EventsManager
News  |  10/12/2006  | 
GFI has launched GFI EventsManager, its next generation solution for centralized event log management and reporting
Corporate Ethics are 'Situational'
News  |  10/11/2006  | 
Dark Reading's Security Scruples survey finds that many companies talk the talk, but don't walk the walk
Phishing Bites
News  |  10/11/2006  | 
Russia now hosts more Websites with keylogger and trojan downloaders than the US, according to latest APWG report
Compliance: A Multi-Front War
News  |  10/11/2006  | 
Security managers need to build frameworks that ensure compliance with multiple regulations
Finjan Reports Findings
News  |  10/11/2006  | 
Finjan announced its findings on the latest web security trends as uncovered by its Malicious Code Research Center (MCRC)
Canada Picks Third Brigade
News  |  10/11/2006  | 
Third Brigade announced Industry Canada is using its host-based intrusion prevention system in its Protocol Analysis Lab (PAL)
Sophos Rolls Out Security Suite
News  |  10/10/2006  | 
Sophos launches new suite of IT security solutions for small businesses
Microsoft Patches Active Exploits
News  |  10/10/2006  | 
Latest fixes, network access woes get patching day off to a rough start
Hot New OS Flaw: Integer Overflow
News  |  10/10/2006  | 
Mitre's latest CVE report reveals some surprises among software's most commonly exploited flaws
Qualys, RedSeal Team
News  |  10/10/2006  | 
RedSeal Systems and Qualys announced that RedSeal has applied its technology to Qualys' on demand platform
Low-Cost PCs Pose Risk
News  |  10/9/2006  | 
Benefactors look to secure millions of identical computers to be unleashed in One Laptop Per Child initiative
Diebold Disses Democracy
News  |  10/9/2006  | 
Technologists may be surprised by how far things can get off track when the law embraces bad security ideas for no apparent reason
Monkeyspaw Grabs Phishers
News  |  10/9/2006  | 
Open-source forensics tool pins down phishers where they live
F-Secure Unveils Internet Security
News  |  10/9/2006  | 
F-Secure Corporation announced today the release of Internet Security 2007
A Secure Channel for Customers
News  |  10/6/2006  | 
A startup is developing the means to bypass phishers and hackers with a secure link to clients
A Matter of Trust
News  |  10/6/2006  | 
Some executives can afford to trust their employees, but security professionals don't have that luxury
Mozilla Patches Things Up
News  |  10/5/2006  | 
Days after Firefox's zero-day scare, Mozilla patches a new crop of vulnerabilities
Security's Rotten Apples
News  |  10/4/2006  | 
Dark Reading's 'Security Scruples' survey finds that most IT and security people maintain a strong code of ethics, but there are 'alternative views' that paint a scary picture
The Perils of Third-Party Patches
News  |  10/4/2006  | 
Some organizations issue security patches faster than your vendor, but experts claim benefits aren't worth the risk
Instant Message, Instant Infection
News  |  10/4/2006  | 
A new IM worm poses as a buddy warning you about a virus, then it takes over your IE homepage
Security Takes a Holiday
News  |  10/4/2006  | 
National Cyber Security Awareness Month falls a few ornaments short of the tree
Startup Secures Data for Audits
News  |  10/3/2006  | 
Kinamik offers third-party certification, encryption, and storage of data, making it unassailable by hackers -- or auditors
Zero-Day: Won't Go Away
News  |  10/3/2006  | 
Enterprises can expect more zero-day exploits as malware writers start to monetize their attacks
Microsoft Buys DesktopStandard
News  |  10/3/2006  | 
Microsoft gains group policy technology for Active Directory, but not DesktopStandard's new application security product
Websense Unveils Report
News  |  10/3/2006  | 
Report reveals increase in malicious sites using code from easy-to-use toolkits designed for criminals with no hacking experience
Phishers Launch Zero-Day Exploits
News  |  10/2/2006  | 
Phishers are moving to the bleeding edge, and the new PhishTank will let companies observe their behavior
Researcher Secures Grid Computing
News  |  10/2/2006  | 
New tool could help administrators quickly identify possible abuse in meshed computer environments
Hackers Feel Fallout From XSS Postings
News  |  10/2/2006  | 
After being identified as XSS-vulnerable, the NukeCops site tried to shut down the ha.ckers.org Website this weekend
MX Logic Raises Dukes
News  |  10/2/2006  | 
MX Logic is now offering a managed Web filtering and threat protection service to customers

Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13485
PUBLISHED: 2020-05-25
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
CVE-2020-13486
PUBLISHED: 2020-05-25
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.
CVE-2020-13482
PUBLISHED: 2020-05-25
EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.
CVE-2020-13458
PUBLISHED: 2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
CVE-2020-13459
PUBLISHED: 2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.