Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2007
Page 1 / 3   >   >>
China Dismisses McAfee Cybercrime Findings
Quick Hits  |  11/30/2007  | 
Chinese official says China is the victim, not the aggressor
AV Vendor Adopts 'Herd' Intelligence
News  |  11/30/2007  | 
Panda Security on Monday will roll out new anti-malware solution that analyzes new malware 'in the cloud' rather than in the lab
When Projects Cause Security Failures
News  |  11/30/2007  | 
Some tips on how to balance the day-to-day and big projects in security
BitDefender Intros Nov. Top 10 Malware
News  |  11/29/2007  | 
November's list reveals trend toward lower-profile malware
FBI Nabs Eight in Second 'Bot Roast'
News  |  11/29/2007  | 
Bots totaled more than $20M in losses and harnessed more than a million PCs, feds say
Insecure Software Costs US $180B per Year
News  |  11/29/2007  | 
'Vulnerability tax' might be the answer, says SANS instructor and security expert David Rice
What's Behind Non-Compliance?
News  |  11/28/2007  | 
New study shows that many employees still don't know about critical policies - or believe those policies will be enforced
Free Qualys Security Scan Available
News  |  11/28/2007  | 
Free Qualys Security Scan available for the new SANS Top 20
Charity Hacker Used Employee Password
Quick Hits  |  11/28/2007  | 
Attacker who stole data from 92 charities had a valid password from their shared service provider
Akonix Tracks New IM Attacks
News  |  11/28/2007  | 
Akonix responds to complex botnets and criminal IM activity with aggressive policy updates
Client, Application Flaws Top SANS Vulnerability List
News  |  11/27/2007  | 
Gullible users, untrained developers are helping to make life easier for hackers, annual study says
Trust Digital Issues Holiday Smartphone Tips
News  |  11/27/2007  | 
Trust Digital: Smartphone stocking stuffers make IT departments suffer
Spam for the Holidays
Quick Hits  |  11/27/2007  | 
New pump-and-dump scheme decks email's halls with holiday-related messages
Core Security Discovers Vulnerability in Lotus Notes
News  |  11/27/2007  | 
Users vulnerable to attack when viewing corrupt Lotus 1-2-3 file attachments
Secure Computing Upgrades Portal
News  |  11/27/2007  | 
Secure Computing unveils the new TrustedSource.org
UK Retail Giant Breached by Insider
Quick Hits  |  11/26/2007  | 
Call center operator may have stolen credit card information from many customers at online giant Tesco
CompTIA: Spyware Problems Rise
News  |  11/26/2007  | 
Worms, viruses, browser-based attacks down
Cenzic Announces Record Growth for 2007
News  |  11/26/2007  | 
Cenzic announces record growth, prestigious awards, excellent product ratings
Webroot Merges With SaaS Firm Email Systems
News  |  11/26/2007  | 
Webroot moves aggressively to extend enterprise security capability - merges with SAAS firm Email Systems
UK Government Breach Exceeds Original Estimates
News  |  11/26/2007  | 
Officials may have lost eight more storage disks containing personal information on British citizens
The Right Stuff
News  |  11/26/2007  | 
An inexperienced systems administrator, combined with outdated Web apps, is a recipe for disaster
Buffer Overflows Are Top Threat, Report Says
News  |  11/26/2007  | 
Research data says buffer overflow bugs outnumber Web app vulnerabilities, and some severe Microsoft bugs are on the decline
BitDefender Products Sold at OfficeMax
News  |  11/25/2007  | 
BitDefender Internet security and antivirus products now available throughout the US at OfficeMax
Rethinking Desktop Security
News  |  11/21/2007  | 
New and built-in security technologies could soon make the PC safer than ever
Cybercriminals Ready for Banner Holiday Shopping Season
News  |  11/21/2007  | 
Black Friday and Cyber Monday will kick off a record run for online fraudsters, researchers say
Sophos: Trojan Spreads Wiretapping Scare
News  |  11/20/2007  | 
Emails from a private investigator lead to malware infection
Goodbye, Mr. CISSP
News  |  11/20/2007  | 
Losing a member of your security team is always tough, but good documentation can help ease the pain
Researchers Thankful for New Paypal Policy
Quick Hits  |  11/20/2007  | 
Immunity from legal action for researchers who follow site's responsible disclosure procedures
Phishers Steal DOJ's Identity
Quick Hits  |  11/20/2007  | 
New spam-based exploits also operate under guise of Better Business Bureau
MEGA International Acquires Control Metrics
News  |  11/19/2007  | 
MEGA International acquires Control Metrics, pioneer of internal control management systems
Working-Class SIM
News  |  11/19/2007  | 
After years of targeting the largest enterprises, netForensics goes where no security information management vendor has gone before: the mid-sized business
DNS Servers in Harm's Way
News  |  11/19/2007  | 
Security of Internet-facing Domain Name Service (DNS) servers often overlooked
UK Government in Uproar Following Data Loss
News  |  11/19/2007  | 
Misplaced disks contained personal information on 25 million taxpayers
The Aftermath of Identity Theft
Quick Hits  |  11/19/2007  | 
Loss of personal information continues to increase; stolen data often used to open lines of credit
Responsible Response
News  |  11/19/2007  | 
Responsible disclosure is one thing, but how do you respond when you're informed of a possibly compromised machine or vuln in your apps?
Risky Behavior Rises With Confidence
News  |  11/19/2007  | 
Trend Micro Internet Confidence and Safety Survey reveals consumer confidence in the Internet is on the rise in U.S. and Japan
Sentrigo Fights SQL Injection on Databases
News  |  11/19/2007  | 
Sentrigo announces new technique to combat zero-day SQL injection attacks on databases
Bank Implements Fraud Detection Solution
News  |  11/18/2007  | 
Skipton banks on Compliance Alert for AML and fraud detection
eIQnetworks Joins PCI Security Standards Council
News  |  11/18/2007  | 
Leading provider of integrated security, risk and audit management brings expertise to payment card industry standards body
Botnets: Whose Fault Are They?
News  |  11/16/2007  | 
Everybody's blaming somebody - and it isn't helping anybody
Financial Consulting Firm Fixes Security Flaws
News  |  11/16/2007  | 
InCharge Institute of America runs F5 Networks's BIG-IP Application Security Manager to shore up security
SecureMac, Tri Synergy Partner
News  |  11/15/2007  | 
Tri Synergy will now be publishing and distributing MacScan, SecureMac's cutting edge anti-spyware software for Macintosh computers
Incident Response Means Knowing Your Data
News  |  11/15/2007  | 
To keep data safe and protect forensic evidence, first responders must know how users operate
Many Retailers Open to Wireless Attacks
News  |  11/15/2007  | 
Penetration tests show that half of wireless networks at major mall stores could be easily hacked
MX Logic: Spam Levels to Spike Another 50%
News  |  11/15/2007  | 
New delivery methods and malware payloads strengthen impact of spam surge
Mirage NAC Stops Storm Worm & Variants
News  |  11/15/2007  | 
Mirage Networks stops Storm worm and variants that render other NAC solutions ineffective
Half Say They Piggyback on Others' WiFi
News  |  11/15/2007  | 
More than 50% of people polled admit they have stolen WiFi Internet access
Jilted Lover Jailed for Internet Monitoring
Quick Hits  |  11/15/2007  | 
The long arm of Texas law is cracking down on Internet, email spying
Life on the Fast Track
News  |  11/14/2007  | 
There's something to be said for applying experience and education to technology change, especially when it comes to security
Sophos Unveils Enhanced Email Security Appliance
News  |  11/14/2007  | 
Sophos email appliances set a new standard in efficient security management
Page 1 / 3   >   >>


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16649
PUBLISHED: 2019-09-21
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the...
CVE-2019-16650
PUBLISHED: 2019-09-21
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the se...
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.