Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2006
2007: Trouble Ahead
News  |  12/29/2006  | 
Dark Reading gives you the lowdown on the main security threats to look out for in '07
ESET Touts Advanced+ Rating
News  |  12/28/2006  | 
ESET's NOD32 receives Advanced+ rating from AV-comparatives
The Six Dirtiest Tricks of 2006
News  |  12/27/2006  | 
Dark Reading remembers six of the sneakiest exploits of the year, as rated by readers
SEC Exposes Online Fraudster
News  |  12/26/2006  | 
Estonian disguises his identity, uses stolen electronic IDs in classic 'pump and dump' scheme
VOIP More Vulnerable
News  |  12/20/2006  | 
Hear that? That's the sound of hackers starting to wield the latest VOIP hacking tools
Nike Bares Its Sole
News  |  12/20/2006  | 
New combination of running shoes with Apple iPod leaves joggers open to electronic surveillance
Building Trust
News  |  12/19/2006  | 
Security pros see the impact of security on business reputation, but many higher-level execs don't
Perimeter Suggests Resolutions
News  |  12/19/2006  | 
While AI has come a long way, computer users are still the ones charged with security of their data, networks, and computers
Spam Service Shuttered
News  |  12/19/2006  | 
The last vestiges of old-school spam techniques signed off today with the demise of the Open Relay Database (ORDB)
An Apple (Bug) a Day
News  |  12/19/2006  | 
Happy New Year from your favorite hackers
Vulnerability Tools Get Teeth
News  |  12/18/2006  | 
Vulnerability assessment tools are merging with configuration management, penetration testing, and even NAC
Marshal Attacks Spam
News  |  12/18/2006  | 
Marshal announces a successful first year of independent operation following its December 2005 management buy-out from NetIQ
Phishing Attacks on Rise
News  |  12/18/2006  | 
Cloudmark has seen a substantial increase in attacks on European banking brands, with increases of nearly 300% in a month in some cases
Risk Management's New Bell Curve
News  |  12/18/2006  | 
New report from McAfee points to need for insurance-like business model for IT security
Phishing Your Own Users
News  |  12/18/2006  | 
New anti-phishing upgrades raise the profile of client-side attacks
McAfee Protects USDA
News  |  12/18/2006  | 
McAfee has been selected to protect the US Department of Agriculture's messaging system from spam, phishing, spyware, and virus attacks
PHP Security Expert Quits
News  |  12/15/2006  | 
'Communications issues' cited as Stefan Esser resigns
'Not Much Resistance at the Door'
News  |  12/15/2006  | 
Website security hasn't improved much over the past year, according to a survey of Web app security pros
EEye Discovers Worm/Botnet
News  |  12/15/2006  | 
EEye Digital Security has discovered Big Yellow, a non-Microsoft-based malware that has both worm and botnet characteristics
Authentium Unveils ESP
News  |  12/14/2006  | 
Authentium announced availability of the Authentium Extensible Service Platform (ESP) for Enterprise
How Much Is That Exploit in the Window?
News  |  12/14/2006  | 
Researcher relays sticker prices for some of today's hottest hacks
IBM Intros Consulting Service
News  |  12/14/2006  | 
IBM announced a first-of-its-kind consulting service designed to measure the way businesses govern data
DNSstuff.com Adds Service
News  |  12/13/2006  | 
DNSstuff.com has launched a new membership option with enhanced tools
Startup Finds Phish in Browsers
News  |  12/13/2006  | 
New company could help banks, other service providers to warn users when they've been phished
nCircle Launches Trade-Up Program
News  |  12/12/2006  | 
nCircle announced a program for enterprises who want to upgrade their security program to include security risk and compliance management
F-Secure Goes Virtual
News  |  12/12/2006  | 
F-Secure announced the availability of its next-generation messaging security solutions, F-Secure Messaging Security Gateway appliance
Report: Phish Jump
News  |  12/12/2006  | 
The number of phishing sites grew dramatically from September to October, as phishers got savvier
Worms Get Smarter
News  |  12/12/2006  | 
A new generation of worm exploits hitting MySpace and other social net sites is using the latest in attack vectors. Why you should worry
Burton Announces Changes
News  |  12/12/2006  | 
Burton Group has released a three-part research series to help enterprise organizations build a full spectrum defense against malware
TRACE Reports Spam Surge
News  |  12/12/2006  | 
Phishing emails from Asia and holiday spam skyrocket
Open-Source NAC
News  |  12/11/2006  | 
PacketFence initiative offers public-domain alternative for network access control
Two Sides of Single Sign-On
News  |  12/11/2006  | 
The answer to password maintenance problems, or inherently insecure? Talk back to us
MIME Vulnerabilities Rear Up Again
News  |  12/8/2006  | 
Years after the ubiquitous email standard was developed, researchers are still finding security flaws in it
Credit Union Authenticates 'Bio-Rhythms'
News  |  12/8/2006  | 
New biometrics tool measures typing rhythms to authenticate users
Oracle Spurs Single Sign-On Surge
News  |  12/7/2006  | 
Venerable technology prepares for rebirth with emergence of cross-domain identity management technologies
CloudShield Stops Attack
News  |  12/7/2006  | 
CloudShield has helped stop a major DDOS attack aimed at EveryDNS
DNS Attacks on the Rise
News  |  12/6/2006  | 
The old reliable DNS server is becoming a popular target of botnets and other attacks
Bull Market for Cybercriminals
News  |  12/6/2006  | 
Fraudsters add online twists to time-tested stock and securities scams
Deck the Halls, Not the WAP
News  |  12/6/2006  | 
Those red and green decorations could give the blues to your wireless network
IBM Buys Into Security Compliance
News  |  12/5/2006  | 
Acquisition of Consul gives Big Blue a new weapon in match between enterprises and security auditors
Webroot Intros Small Biz Solution
News  |  12/5/2006  | 
Webroot announced the availability of Webroo SME Security
Arxceo Adds Excecs
News  |  12/5/2006  | 
Arxceo has opened offices in Atlanta and Tokyo
EEye Intros Web Tracker
News  |  12/4/2006  | 
EEye is offering the first vulnerability tracking site that focuses exclusively on zero-day vulnerabilities
DNS Service Under DDOS Attack
News  |  12/4/2006  | 
A stubborn distributed denial-of-service attack is hammering away at a free DNS service and has disrupted tens of thousands of its customers
Compliance Keys: Money, Monitoring
News  |  12/4/2006  | 
New study shows direct relationship between compliance success and security investment, monitoring
WatchGuard Adds UTM
News  |  12/3/2006  | 
WatchGuard Technologies has added UTM protection to its Firebox X Edge e-Series line of integrated security appliances
The Great Creeping Time-Suck
News  |  12/1/2006  | 
Peripheral tasks and distractions keep IT security people from doing their real jobs
Hacker Cuts Swath Through US Government Computers
News  |  12/1/2006  | 
Romanian man indicted for breaking into more than 150 federal government systems, violating live NASA data
Spying on Spyware
News  |  12/1/2006  | 
A new patent-pending antispyware technology 'listens' for spyware based on its network behavior
Kaspersky Posts Top Twenty
News  |  12/1/2006  | 
Kaspersky Labs posts virus Top Twenty for November 2006


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32788
PUBLISHED: 2021-07-27
Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal mes...
CVE-2021-32796
PUBLISHED: 2021-07-27
xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes durin...
CVE-2021-32748
PUBLISHED: 2021-07-27
Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI ("Web Application Open Platform Interface") protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst th...
CVE-2021-34432
PUBLISHED: 2021-07-27
In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.
CVE-2021-20399
PUBLISHED: 2021-07-27
IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196073.