Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2007
Page 1 / 3   >   >>
China Dismisses McAfee Cybercrime Findings
Quick Hits  |  11/30/2007  | 
Chinese official says China is the victim, not the aggressor
AV Vendor Adopts 'Herd' Intelligence
News  |  11/30/2007  | 
Panda Security on Monday will roll out new anti-malware solution that analyzes new malware 'in the cloud' rather than in the lab
When Projects Cause Security Failures
News  |  11/30/2007  | 
Some tips on how to balance the day-to-day and big projects in security
BitDefender Intros Nov. Top 10 Malware
News  |  11/29/2007  | 
November's list reveals trend toward lower-profile malware
FBI Nabs Eight in Second 'Bot Roast'
News  |  11/29/2007  | 
Bots totaled more than $20M in losses and harnessed more than a million PCs, feds say
Insecure Software Costs US $180B per Year
News  |  11/29/2007  | 
'Vulnerability tax' might be the answer, says SANS instructor and security expert David Rice
What's Behind Non-Compliance?
News  |  11/28/2007  | 
New study shows that many employees still don't know about critical policies - or believe those policies will be enforced
Free Qualys Security Scan Available
News  |  11/28/2007  | 
Free Qualys Security Scan available for the new SANS Top 20
Charity Hacker Used Employee Password
Quick Hits  |  11/28/2007  | 
Attacker who stole data from 92 charities had a valid password from their shared service provider
Akonix Tracks New IM Attacks
News  |  11/28/2007  | 
Akonix responds to complex botnets and criminal IM activity with aggressive policy updates
Client, Application Flaws Top SANS Vulnerability List
News  |  11/27/2007  | 
Gullible users, untrained developers are helping to make life easier for hackers, annual study says
Trust Digital Issues Holiday Smartphone Tips
News  |  11/27/2007  | 
Trust Digital: Smartphone stocking stuffers make IT departments suffer
Spam for the Holidays
Quick Hits  |  11/27/2007  | 
New pump-and-dump scheme decks email's halls with holiday-related messages
Core Security Discovers Vulnerability in Lotus Notes
News  |  11/27/2007  | 
Users vulnerable to attack when viewing corrupt Lotus 1-2-3 file attachments
Secure Computing Upgrades Portal
News  |  11/27/2007  | 
Secure Computing unveils the new TrustedSource.org
UK Retail Giant Breached by Insider
Quick Hits  |  11/26/2007  | 
Call center operator may have stolen credit card information from many customers at online giant Tesco
CompTIA: Spyware Problems Rise
News  |  11/26/2007  | 
Worms, viruses, browser-based attacks down
Cenzic Announces Record Growth for 2007
News  |  11/26/2007  | 
Cenzic announces record growth, prestigious awards, excellent product ratings
Webroot Merges With SaaS Firm Email Systems
News  |  11/26/2007  | 
Webroot moves aggressively to extend enterprise security capability - merges with SAAS firm Email Systems
UK Government Breach Exceeds Original Estimates
News  |  11/26/2007  | 
Officials may have lost eight more storage disks containing personal information on British citizens
The Right Stuff
News  |  11/26/2007  | 
An inexperienced systems administrator, combined with outdated Web apps, is a recipe for disaster
Buffer Overflows Are Top Threat, Report Says
News  |  11/26/2007  | 
Research data says buffer overflow bugs outnumber Web app vulnerabilities, and some severe Microsoft bugs are on the decline
BitDefender Products Sold at OfficeMax
News  |  11/25/2007  | 
BitDefender Internet security and antivirus products now available throughout the US at OfficeMax
Rethinking Desktop Security
News  |  11/21/2007  | 
New and built-in security technologies could soon make the PC safer than ever
Cybercriminals Ready for Banner Holiday Shopping Season
News  |  11/21/2007  | 
Black Friday and Cyber Monday will kick off a record run for online fraudsters, researchers say
Sophos: Trojan Spreads Wiretapping Scare
News  |  11/20/2007  | 
Emails from a private investigator lead to malware infection
Goodbye, Mr. CISSP
News  |  11/20/2007  | 
Losing a member of your security team is always tough, but good documentation can help ease the pain
Researchers Thankful for New Paypal Policy
Quick Hits  |  11/20/2007  | 
Immunity from legal action for researchers who follow site's responsible disclosure procedures
Phishers Steal DOJ's Identity
Quick Hits  |  11/20/2007  | 
New spam-based exploits also operate under guise of Better Business Bureau
MEGA International Acquires Control Metrics
News  |  11/19/2007  | 
MEGA International acquires Control Metrics, pioneer of internal control management systems
Working-Class SIM
News  |  11/19/2007  | 
After years of targeting the largest enterprises, netForensics goes where no security information management vendor has gone before: the mid-sized business
DNS Servers in Harm's Way
News  |  11/19/2007  | 
Security of Internet-facing Domain Name Service (DNS) servers often overlooked
UK Government in Uproar Following Data Loss
News  |  11/19/2007  | 
Misplaced disks contained personal information on 25 million taxpayers
The Aftermath of Identity Theft
Quick Hits  |  11/19/2007  | 
Loss of personal information continues to increase; stolen data often used to open lines of credit
Responsible Response
News  |  11/19/2007  | 
Responsible disclosure is one thing, but how do you respond when you're informed of a possibly compromised machine or vuln in your apps?
Risky Behavior Rises With Confidence
News  |  11/19/2007  | 
Trend Micro Internet Confidence and Safety Survey reveals consumer confidence in the Internet is on the rise in U.S. and Japan
Sentrigo Fights SQL Injection on Databases
News  |  11/19/2007  | 
Sentrigo announces new technique to combat zero-day SQL injection attacks on databases
Bank Implements Fraud Detection Solution
News  |  11/18/2007  | 
Skipton banks on Compliance Alert for AML and fraud detection
eIQnetworks Joins PCI Security Standards Council
News  |  11/18/2007  | 
Leading provider of integrated security, risk and audit management brings expertise to payment card industry standards body
Botnets: Whose Fault Are They?
News  |  11/16/2007  | 
Everybody's blaming somebody - and it isn't helping anybody
Financial Consulting Firm Fixes Security Flaws
News  |  11/16/2007  | 
InCharge Institute of America runs F5 Networks's BIG-IP Application Security Manager to shore up security
SecureMac, Tri Synergy Partner
News  |  11/15/2007  | 
Tri Synergy will now be publishing and distributing MacScan, SecureMac's cutting edge anti-spyware software for Macintosh computers
Incident Response Means Knowing Your Data
News  |  11/15/2007  | 
To keep data safe and protect forensic evidence, first responders must know how users operate
Many Retailers Open to Wireless Attacks
News  |  11/15/2007  | 
Penetration tests show that half of wireless networks at major mall stores could be easily hacked
MX Logic: Spam Levels to Spike Another 50%
News  |  11/15/2007  | 
New delivery methods and malware payloads strengthen impact of spam surge
Mirage NAC Stops Storm Worm & Variants
News  |  11/15/2007  | 
Mirage Networks stops Storm worm and variants that render other NAC solutions ineffective
Half Say They Piggyback on Others' WiFi
News  |  11/15/2007  | 
More than 50% of people polled admit they have stolen WiFi Internet access
Jilted Lover Jailed for Internet Monitoring
Quick Hits  |  11/15/2007  | 
The long arm of Texas law is cracking down on Internet, email spying
Life on the Fast Track
News  |  11/14/2007  | 
There's something to be said for applying experience and education to technology change, especially when it comes to security
Sophos Unveils Enhanced Email Security Appliance
News  |  11/14/2007  | 
Sophos email appliances set a new standard in efficient security management
Page 1 / 3   >   >>


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10854
PUBLISHED: 2019-11-22
cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.
CVE-2019-13157
PUBLISHED: 2019-11-22
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.
CVE-2012-2079
PUBLISHED: 2019-11-22
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
CVE-2019-11325
PUBLISHED: 2019-11-21
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2019-18887
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.