Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2007
Page 1 / 3   >   >>
FTC Ups the Ante on Fighting Spam, Phishing
Quick Hits  |  12/31/2007  | 
Federal Trade Commission report calls for authenticated email, reputation services, and better consumer anti-spam reporting tools
Secure Resolutions
News  |  12/31/2007  | 
Skip the diet and spend more time in the lab
The Five Coolest Hacks of 2007
News  |  12/31/2007  | 
Nothing was sacred - not cars, not truckers, not even the stock exchange
Hackers Take the Holidays
News  |  12/30/2007  | 
Christmas, New Year's, or St. Swithin's Day, attackers always seem to be in a holiday mood
The Prank That Could Kill You
News  |  12/30/2007  | 
'Swatting' is becoming increasingly popular - with potentially dangerous consequences
US-Based Chinese News Site Gets DDOSed
Quick Hits  |  12/28/2007  | 
Attack knocks out 2,000 Chinese dissident blogs hosted on the site
Security's Biggest Train Wrecks of 2007
News  |  12/27/2007  | 
We've seen a boxcar o' breaches and break-ins this year, but these were the most grisly - and the hardest to take our eyes from
Emerging Threats Could Help Security Pros
Quick Hits  |  12/26/2007  | 
New Website aims to make security data more useful and available
Storm Darkens Christmas, Takes Aim at New Year's
News  |  12/26/2007  | 
Botnet takes a holiday on users' computers
The Gifts That Keep on Giving
News  |  12/26/2007  | 
Holiday gifts of gadgets and storage devices can create nightmares for IT
IT Consultant Hacks Former Client
Quick Hits  |  12/26/2007  | 
Angered over business deal, consultant wipes out former client's customer database
Tech Insight: Microsoft's IPSec
News  |  12/21/2007  | 
Windows' built-in security capabilities offer endpoint alternative to NAP/NAC
Privacy Goes Public
News  |  12/21/2007  | 
While end users remain confused about online privacy issues, enterprises - and vendors - now make it their business
Cisco Broadens Threat Picture With New Report
News  |  12/20/2007  | 
First-time annual study offers insights on human, physical aspects of security as well as attacks and vulnerabilities
Alleged Phishing 'Mules' Arrested
News  |  12/20/2007  | 
Fourteen ABN AMRO customers were recruited by cybercriminals to launder stolen bank account funds
BitDefender Unveils 2008 Predictions
News  |  12/20/2007  | 
Mobile devices expected to be major target for cyber criminals
'Super Spam Me'
Quick Hits  |  12/20/2007  | 
McAfee studies effects of replying to unwanted email
Navigating the 'C' of Network Discovery
News  |  12/19/2007  | 
10:12 AM -- You have to find it before you can secure it
Amid Confusion, Market for ID Theft Services Grows
News  |  12/19/2007  | 
Baffled by conflicting information, consumers increasingly drawn into web of 'theft prevention' offerings
Google's Orkut Social Network Hacked
News  |  12/19/2007  | 
Hundreds of thousands of users infected by XSS worm hidden in messages from 'friends'
Data Loss Is Top Concern in Microsoft Poll
Quick Hits  |  12/19/2007  | 
Software giant sees sharp decline in worries about malware
Pen Testing Goes Reality TV
News  |  12/19/2007  | 
New CourtTV documentary 'Tiger Team' will follow real pen testers hired to hack businesses
Putting Up Your Cyber Defenses
News  |  12/19/2007  | 
It's time to start thinking about protecting your systems - and your employees - in the event of attacks from foreign entities
Klocwork to Support Symbian OS
News  |  12/18/2007  | 
Klocwork joins Symbian Platinum Program
Hacking a New DNS Attack
News  |  12/18/2007  | 
DNS expert disputes Georgia Tech and Google research that points to malicious deployment of certain types of DNS servers
Internet Privacy: No Big Deal?
News  |  12/18/2007  | 
Despite warnings, users continue to post personal information on the Web
BitDefender Detects New Trojan
News  |  12/18/2007  | 
BitDefender detects new Trojan that hijacks Google text advertisements
BitDefender Recaps Top Threats
News  |  12/18/2007  | 
BitDefender also predicts continued growth of political spam in recap of top spam for 2007
Disney, Home Depot Get Poor Privacy Marks
Quick Hits  |  12/18/2007  | 
Ralph Lauren is among the best, public interest group says
Cenzic Reports New Gmail, IE Bugs
News  |  12/17/2007  | 
Cenzic discovers vulnerabilities and potential threats in Google and Microsoft software
Perimeter eSecurity Makes 2008 Resolutions
News  |  12/17/2007  | 
Layered security needed now more than ever to protect against the ongoing flood of external & internal threats
eEye Ship Not 'Sinking,' CEO Says
Quick Hits  |  12/17/2007  | 
Revenues in software and services up 53% over last year, says Kamal Arafeh
Redefining the Perimeter
News  |  12/17/2007  | 
Mobile devices offer great flexibility for users, but be sure you apply the right security rules
Data on 3M UK Drivers 'Lost in Iowa'
News  |  12/17/2007  | 
Misplaced hard drive adds to furor over lost tax data
Veracode Now Scans for Software Backdoors
News  |  12/17/2007  | 
Veracode shines spotlight on software backdoors as an emerging threat
New Service Detects Backdoors in Software
News  |  12/17/2007  | 
Veracode identifies different types of these hidden programs in applications, adds a 'metal detector' for detecting them
Breaches Cause Skittish Attitudes Among Holiday Shoppers
News  |  12/14/2007  | 
Many consumers no longer sure of the security of their transactions, study says
New Plug-ins Help Firefox Find XSS, SQL Injection
News  |  12/14/2007  | 
Powerful tools help identify vulnerabilities, but use them advisedly
Man Uses Toaster to Hack Computer
Quick Hits  |  12/14/2007  | 
And no, we don't mean it the other way around
SkyRecon IDs New Microsoft Vista Vulnerability
News  |  12/14/2007  | 
SkyRecon research team provides information leading to patch of Vista flaw
Spam Reaching Record Volumes, Researchers Say
News  |  12/13/2007  | 
Study says 95% of all email is now spam
Report: Security Becoming Business Tool
News  |  12/13/2007  | 
Compliance, privacy and data protection, and meeting business objectives are top three drivers for security
Quick Website Vulnerability Self-Test
Quick Hits  |  12/13/2007  | 
Breach Security offers simple test you can do on your own to check for Website flaws
Study: Breaches of Personal Data Now Prevalent in Enterprises
News  |  12/12/2007  | 
Eighty-five percent of enterprises have experienced at least one reportable incident in the past 12 months
Careful What You Buy
News  |  12/12/2007  | 
Before you put sign the check, make sure you've covered all the options for solving your security problem
Predicting Peril
News  |  12/12/2007  | 
We may not be able to predict the next big attack, but we can identify the trends that will spawn it
Maiffret Says Bye to eEye
News  |  12/12/2007  | 
eEye co-founder Marc Maiffret, 27, has quietly left the security firm he started at age 17
Untangle Surpasses 100K Users
News  |  12/12/2007  | 
Untangle, the pioneer in open source network gateway platforms, announced that it has surpassed the 100,000 users milestone
'You've Got Cross-Site Scripting'
News  |  12/12/2007  | 
Free email alert service lets customers know when an XSS vulnerability is found on their sites
FTC Charges Payment Processor in Fraud Scam
Quick Hits  |  12/12/2007  | 
Third-party payment services aided Internet scammers in attempting $200M in online fraud, FTC says
Page 1 / 3   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
Jai Vijayan, Contributing Writer,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...