News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2006
2007: Trouble Ahead
News  |  12/29/2006  | 
Dark Reading gives you the lowdown on the main security threats to look out for in '07
ESET Touts Advanced+ Rating
News  |  12/28/2006  | 
ESET's NOD32 receives Advanced+ rating from AV-comparatives
The Six Dirtiest Tricks of 2006
News  |  12/27/2006  | 
Dark Reading remembers six of the sneakiest exploits of the year, as rated by readers
SEC Exposes Online Fraudster
News  |  12/26/2006  | 
Estonian disguises his identity, uses stolen electronic IDs in classic 'pump and dump' scheme
VOIP More Vulnerable
News  |  12/20/2006  | 
Hear that? That's the sound of hackers starting to wield the latest VOIP hacking tools
Nike Bares Its Sole
News  |  12/20/2006  | 
New combination of running shoes with Apple iPod leaves joggers open to electronic surveillance
Building Trust
News  |  12/19/2006  | 
Security pros see the impact of security on business reputation, but many higher-level execs don't
Perimeter Suggests Resolutions
News  |  12/19/2006  | 
While AI has come a long way, computer users are still the ones charged with security of their data, networks, and computers
Spam Service Shuttered
News  |  12/19/2006  | 
The last vestiges of old-school spam techniques signed off today with the demise of the Open Relay Database (ORDB)
An Apple (Bug) a Day
News  |  12/19/2006  | 
Happy New Year from your favorite hackers
Vulnerability Tools Get Teeth
News  |  12/18/2006  | 
Vulnerability assessment tools are merging with configuration management, penetration testing, and even NAC
Marshal Attacks Spam
News  |  12/18/2006  | 
Marshal announces a successful first year of independent operation following its December 2005 management buy-out from NetIQ
Phishing Attacks on Rise
News  |  12/18/2006  | 
Cloudmark has seen a substantial increase in attacks on European banking brands, with increases of nearly 300% in a month in some cases
Risk Management's New Bell Curve
News  |  12/18/2006  | 
New report from McAfee points to need for insurance-like business model for IT security
Phishing Your Own Users
News  |  12/18/2006  | 
New anti-phishing upgrades raise the profile of client-side attacks
McAfee Protects USDA
News  |  12/18/2006  | 
McAfee has been selected to protect the US Department of Agriculture's messaging system from spam, phishing, spyware, and virus attacks
PHP Security Expert Quits
News  |  12/15/2006  | 
'Communications issues' cited as Stefan Esser resigns
'Not Much Resistance at the Door'
News  |  12/15/2006  | 
Website security hasn't improved much over the past year, according to a survey of Web app security pros
EEye Discovers Worm/Botnet
News  |  12/15/2006  | 
EEye Digital Security has discovered Big Yellow, a non-Microsoft-based malware that has both worm and botnet characteristics
Authentium Unveils ESP
News  |  12/14/2006  | 
Authentium announced availability of the Authentium Extensible Service Platform (ESP) for Enterprise
How Much Is That Exploit in the Window?
News  |  12/14/2006  | 
Researcher relays sticker prices for some of today's hottest hacks
IBM Intros Consulting Service
News  |  12/14/2006  | 
IBM announced a first-of-its-kind consulting service designed to measure the way businesses govern data
DNSstuff.com Adds Service
News  |  12/13/2006  | 
DNSstuff.com has launched a new membership option with enhanced tools
Startup Finds Phish in Browsers
News  |  12/13/2006  | 
New company could help banks, other service providers to warn users when they've been phished
nCircle Launches Trade-Up Program
News  |  12/12/2006  | 
nCircle announced a program for enterprises who want to upgrade their security program to include security risk and compliance management
F-Secure Goes Virtual
News  |  12/12/2006  | 
F-Secure announced the availability of its next-generation messaging security solutions, F-Secure Messaging Security Gateway appliance
Report: Phish Jump
News  |  12/12/2006  | 
The number of phishing sites grew dramatically from September to October, as phishers got savvier
Worms Get Smarter
News  |  12/12/2006  | 
A new generation of worm exploits hitting MySpace and other social net sites is using the latest in attack vectors. Why you should worry
Burton Announces Changes
News  |  12/12/2006  | 
Burton Group has released a three-part research series to help enterprise organizations build a full spectrum defense against malware
TRACE Reports Spam Surge
News  |  12/12/2006  | 
Phishing emails from Asia and holiday spam skyrocket
Open-Source NAC
News  |  12/11/2006  | 
PacketFence initiative offers public-domain alternative for network access control
Two Sides of Single Sign-On
News  |  12/11/2006  | 
The answer to password maintenance problems, or inherently insecure? Talk back to us
MIME Vulnerabilities Rear Up Again
News  |  12/8/2006  | 
Years after the ubiquitous email standard was developed, researchers are still finding security flaws in it
Credit Union Authenticates 'Bio-Rhythms'
News  |  12/8/2006  | 
New biometrics tool measures typing rhythms to authenticate users
Oracle Spurs Single Sign-On Surge
News  |  12/7/2006  | 
Venerable technology prepares for rebirth with emergence of cross-domain identity management technologies
CloudShield Stops Attack
News  |  12/7/2006  | 
CloudShield has helped stop a major DDOS attack aimed at EveryDNS
DNS Attacks on the Rise
News  |  12/6/2006  | 
The old reliable DNS server is becoming a popular target of botnets and other attacks
Bull Market for Cybercriminals
News  |  12/6/2006  | 
Fraudsters add online twists to time-tested stock and securities scams
Deck the Halls, Not the WAP
News  |  12/6/2006  | 
Those red and green decorations could give the blues to your wireless network
IBM Buys Into Security Compliance
News  |  12/5/2006  | 
Acquisition of Consul gives Big Blue a new weapon in match between enterprises and security auditors
Webroot Intros Small Biz Solution
News  |  12/5/2006  | 
Webroot announced the availability of Webroot SME Security
Arxceo Adds Execs
News  |  12/5/2006  | 
Arxceo has opened offices in Atlanta and Tokyo
EEye Intros Web Tracker
News  |  12/4/2006  | 
EEye is offering the first vulnerability tracking site that focuses exclusively on zero-day vulnerabilities
DNS Service Under DDOS Attack
News  |  12/4/2006  | 
A stubborn distributed denial-of-service attack is hammering away at a free DNS service and has disrupted tens of thousands of its customers
Compliance Keys: Money, Monitoring
News  |  12/4/2006  | 
New study shows direct relationship between compliance success and security investment, monitoring
WatchGuard Adds UTM
News  |  12/3/2006  | 
WatchGuard Technologies has added UTM protection to its Firebox X Edge e-Series line of integrated security appliances
The Great Creeping Time-Suck
News  |  12/1/2006  | 
Peripheral tasks and distractions keep IT security people from doing their real jobs
Hacker Cuts Swath Through US Government Computers
News  |  12/1/2006  | 
Romanian man indicted for breaking into more than 150 federal government systems, violating live NASA data
Spying on Spyware
News  |  12/1/2006  | 
A new patent-pending antispyware technology 'listens' for spyware based on its network behavior
Kaspersky Posts Top Twenty
News  |  12/1/2006  | 
Kaspersky Labs posts virus Top Twenty for November 2006


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-20691
PUBLISHED: 2021-09-27
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
CVE-2020-20692
PUBLISHED: 2021-09-27
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
CVE-2020-20693
PUBLISHED: 2021-09-27
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.
CVE-2020-20695
PUBLISHED: 2021-09-27
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
CVE-2020-20696
PUBLISHED: 2021-09-27
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.