Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2007
<<   <   Page 2 / 3   >   >>
Four in 10 IT Execs Call Their Networks Insecure
News  |  12/12/2007  | 
Email viruses and Internet downloads considered to be the greatest threat to network security for SMBs
Sipera Reveals Top Five VOIP Vulnerabilities
News  |  12/12/2007  | 
Remote eavesdropping and VOIP hopping, vishing, skype worm, and toll fraud threaten users, enterprises, and service providers
AppliCure Seeks N.A. Resellers of Its WAF
News  |  12/12/2007  | 
Applicure seeks North American channel partners for SANS-highlighted Web application firewall software
Arbor: 2008 Year of iPhone Hacks
News  |  12/11/2007  | 
The iPhone will be a primary target for hackers in 2008
Secure64 Touts DNS
News  |  12/11/2007  | 
Leading security researchers find Secure64 SourceT Micro OS immune to all known rootkits and malware
Study: Personal Data Exposed Frequently
News  |  12/11/2007  | 
Eighty-five percent of privacy and security professionals say a reportable data breach occurred in their organizations in the last year
Small Businesses Feel Security's Burn
News  |  12/11/2007  | 
Nearly one third of SMBs have experienced system compromise in the past year, study says
Ask.com Won't Tell
Quick Hits  |  12/11/2007  | 
New privacy control feature in search engine lets users ensure their requests get automatically purged, not stored
IBM Rolls Out Tools for Safer Software
News  |  12/11/2007  | 
New IBM technologies help developers build safer software
Sophos Adds to Email Security and Control
News  |  12/11/2007  | 
Sophos debuts a powerful new weapon in the fight against spam
BitDefender Antivirus 2008 Gets Certified
News  |  12/11/2007  | 
Polymorphic file infectors and rampant false positives keep half of entrants uncertified
Abaca Provides Email Protection for Higher Ed
News  |  12/11/2007  | 
Innovative anti-spam solution ensures campus-wide security with minimal IT support
Real Data in App Testing Poses Real Risks
News  |  12/10/2007  | 
Simulated or 'anonymized' data is a better option than exposing live data to outside sources
Success Through Automation
News  |  12/10/2007  | 
It's good to simplify repetitive processes, but be sure you keep security in mind
End Users Flout Enterprise Security Policies
News  |  12/10/2007  | 
Separate studies show many users understand rules, but they break them anyway
Study: Users Have False Sense of Security
Quick Hits  |  12/10/2007  | 
Over 90% think they're pretty safe on the Internet, but about half of them are at risk, Verizon says
MessageLabs Announces Annual Report
News  |  12/10/2007  | 
Report highlights how 2007 has been a year of diversity due to the vast number of tactics, techniques, and Trojans entering the security market
Finjan Identifies New Genre of Crimeware Trojans
News  |  12/10/2007  | 
In Web security trends report, Finjan explores 'Trojan 2.0' attacks that utilize regular Web 2.0 technology to exploit legitimate Web services
Cenzic Integrates VMWare
News  |  12/10/2007  | 
Cenzic introduces automated security assessment of Web applications in production through virtualization
Klocwork Partners With Japanese Firm
News  |  12/10/2007  | 
CEC to provide Klocwork's products and services through its PROVEQ Source Code Verification Brand
DOE Lab Break-in May Be Tip of the Iceberg
News  |  12/7/2007  | 
Data breach at Oak Ridge National Laboratory part of a series of cyberattacks - possibly out of China - on US laboratories and institutions
Server-Jacking
News  |  12/7/2007  | 
Don't forget to secure your server hardware in case of physical theft
AV Gets a Facelift
News  |  12/7/2007  | 
New features such as whitelisting take the spotlight in next generation of endpoint protection products
Lessons From High School
News  |  12/7/2007  | 
Old-school, no-tech mistakes can lead to data leakage
Vendor Threatens Secunia With Legal Action if It Reports Bug
Quick Hits  |  12/7/2007  | 
Autonomy says vulnerability already fixed, Secunia says it's not
Websense Predicts Top 10 Threats for '08
News  |  12/6/2007  | 
Olympics, online advertisements, and Web 2.0 threats top hacker's to-do lists
Peering Inside the IRC Botnet
News  |  12/6/2007  | 
New report by Chinese and German researchers provides bird's eye view of how an Internet Relay Chat botnet operates
BitDefender Gets $7M for Expansion
News  |  12/6/2007  | 
BitDefender receives funding to support global expansion and advance leadership position in antivirus software and data security
Avinti Sees Surge in Blended Threat Emails
News  |  12/6/2007  | 
NEWT blocks email attacks that link to Web-based malware
'Prevention' Can Give Hackers a Shot in the Arm
News  |  12/6/2007  | 
Intrusion prevention systems may help attackers to evolve
Better-Behaved AV Testing
News  |  12/5/2007  | 
The newly formed Anti-Malware Testing Working Group will determine how best to conduct behavioral tests
Ranum's Wild Security Ride
News  |  12/5/2007  | 
Marcus Ranum dispels firewall myths, revives Medieval horsemanship, and rants about researchers
US Air Force Selects Cigital
News  |  12/5/2007  | 
Air Force selects Cigital to provide expert guidance in software assurance
Calyptix Adds to Sales & Development
News  |  12/5/2007  | 
Calyptix builds staff to meet market demand
Shavlik Names New CTO
News  |  12/5/2007  | 
Shavlik Technologies announced the appointment of Eric Schultze to the position of chief technology officer
WhiteHat Rolls Out Sentinel SE
News  |  12/4/2007  | 
New addition to WhiteHat Sentinel family provides broad access to Web application security for enterprise and PCI 6.6 customers
Grisoft Buys Exploit Prevention Labs
News  |  12/4/2007  | 
Grisoft acquires Exploit Prevention Labs, developer of LinkScanner safe surfing technology
TJX Settles With Banks for $41 Million
News  |  12/4/2007  | 
More than 100 million account records were breached, retail giant reveals
MU Security Adds Experts to Advisory Board
News  |  12/4/2007  | 
Addition of Byres Security CTO Eric Byres and Neohapsis CTO Greg Shipley complements existing board's experience
Microsoft's Wireless Keyboard Hacked
News  |  12/4/2007  | 
Researchers crack encryption, 'own' 27MHz keyboards
DARPA Looking for a Few Good Networks
Quick Hits  |  12/4/2007  | 
Defense Advanced Research Projects Agency seeks network security proving ground for cyberwar tactics
IronPort Releases '07 Trends, '08 Predictions
News  |  12/3/2007  | 
IronPort reports on spam, viruses, and malware highlights trends of 2007 and predictions for 2008
Old Worm Rebounds in Sophos Top 10
News  |  12/3/2007  | 
Rise of old-timer indicates too many users failing to protect their systems
eIQ Achieves Profitability in Q2
News  |  12/3/2007  | 
eIQnetworks achieves profitability and record growth for Q2, fiscal 2008
Study Reveals Overlooked Sources of Leaks
News  |  12/3/2007  | 
After you've secured your electronic perimeter, it's time to check the copier and the front door, ISF report says
Social-Engineering Employees
News  |  12/3/2007  | 
A financial institution's accommodating employees let 'bad guys' in the door, into the conference room, and onto their machines with U3 thumb drives
New DNS Technology Flags Bad Guys Before They Act
News  |  12/3/2007  | 
DNSstuff has filed for a patent for the new security technology
Is It Time to Revisit Your Breach Response Plan?
News  |  12/3/2007  | 
Response to sensitive-data breaches should involve legal, PR departments
Tapping Hackers' 'Phones'
Quick Hits  |  12/3/2007  | 
By indexing IRC traffic, startup threatens privacy on hackers' favorite communications network
Kaspersky Releases Malware Evolution Report
News  |  12/3/2007  | 
Report highlights inner workings of a Kaspersky Lab virus investigation
<<   <   Page 2 / 3   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14905
PUBLISHED: 2020-03-31
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS co...
CVE-2020-11441
PUBLISHED: 2020-03-31
phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page.
CVE-2020-1712
PUBLISHED: 2020-03-31
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sen...
CVE-2019-10180
PUBLISHED: 2020-03-31
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could...
CVE-2019-14880
PUBLISHED: 2020-03-31
A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise.