Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in December 2007
<<   <   Page 2 / 3   >   >>
Four in 10 IT Execs Call Their Networks Insecure
News  |  12/12/2007  | 
Email viruses and Internet downloads considered to be the greatest threat to network security for SMBs
Sipera Reveals Top Five VOIP Vulnerabilities
News  |  12/12/2007  | 
Remote eavesdropping and VOIP hopping, vishing, skype worm, and toll fraud threaten users, enterprises, and service providers
AppliCure Seeks N.A. Resellers of Its WAF
News  |  12/12/2007  | 
Applicure seeks North American channel partners for SANS-highlighted Web application firewall software
Arbor: 2008 Year of iPhone Hacks
News  |  12/11/2007  | 
The iPhone will be a primary target for hackers in 2008
Secure64 Touts DNS
News  |  12/11/2007  | 
Leading security researchers find Secure64 SourceT Micro OS immune to all known rootkits and malware
Study: Personal Data Exposed Frequently
News  |  12/11/2007  | 
Eighty-five percent of privacy and security professionals say a reportable data breach occurred in their organizations in the last year
Small Businesses Feel Security's Burn
News  |  12/11/2007  | 
Nearly one third of SMBs have experienced system compromise in the past year, study says
Ask.com Won't Tell
Quick Hits  |  12/11/2007  | 
New privacy control feature in search engine lets users ensure their requests get automatically purged, not stored
IBM Rolls Out Tools for Safer Software
News  |  12/11/2007  | 
New IBM technologies help developers build safer software
Sophos Adds to Email Security and Control
News  |  12/11/2007  | 
Sophos debuts a powerful new weapon in the fight against spam
BitDefender Antivirus 2008 Gets Certified
News  |  12/11/2007  | 
Polymorphic file infectors and rampant false positives keep half of entrants uncertified
Abaca Provides Email Protection for Higher Ed
News  |  12/11/2007  | 
Innovative anti-spam solution ensures campus-wide security with minimal IT support
Real Data in App Testing Poses Real Risks
News  |  12/10/2007  | 
Simulated or 'anonymized' data is a better option than exposing live data to outside sources
Success Through Automation
News  |  12/10/2007  | 
It's good to simplify repetitive processes, but be sure you keep security in mind
End Users Flout Enterprise Security Policies
News  |  12/10/2007  | 
Separate studies show many users understand rules, but they break them anyway
Study: Users Have False Sense of Security
Quick Hits  |  12/10/2007  | 
Over 90% think they're pretty safe on the Internet, but about half of them are at risk, Verizon says
MessageLabs Announces Annual Report
News  |  12/10/2007  | 
Report highlights how 2007 has been a year of diversity due to the vast number of tactics, techniques, and Trojans entering the security market
Finjan Identifies New Genre of Crimeware Trojans
News  |  12/10/2007  | 
In Web security trends report, Finjan explores 'Trojan 2.0' attacks that utilize regular Web 2.0 technology to exploit legitimate Web services
Cenzic Integrates VMWare
News  |  12/10/2007  | 
Cenzic introduces automated security assessment of Web applications in production through virtualization
Klocwork Partners With Japanese Firm
News  |  12/10/2007  | 
CEC to provide Klocwork's products and services through its PROVEQ Source Code Verification Brand
DOE Lab Break-in May Be Tip of the Iceberg
News  |  12/7/2007  | 
Data breach at Oak Ridge National Laboratory part of a series of cyberattacks - possibly out of China - on US laboratories and institutions
Server-Jacking
News  |  12/7/2007  | 
Don't forget to secure your server hardware in case of physical theft
AV Gets a Facelift
News  |  12/7/2007  | 
New features such as whitelisting take the spotlight in next generation of endpoint protection products
Lessons From High School
News  |  12/7/2007  | 
Old-school, no-tech mistakes can lead to data leakage
Vendor Threatens Secunia With Legal Action if It Reports Bug
Quick Hits  |  12/7/2007  | 
Autonomy says vulnerability already fixed, Secunia says it's not
Websense Predicts Top 10 Threats for '08
News  |  12/6/2007  | 
Olympics, online advertisements, and Web 2.0 threats top hacker's to-do lists
Peering Inside the IRC Botnet
News  |  12/6/2007  | 
New report by Chinese and German researchers provides bird's eye view of how an Internet Relay Chat botnet operates
BitDefender Gets $7M for Expansion
News  |  12/6/2007  | 
BitDefender receives funding to support global expansion and advance leadership position in antivirus software and data security
Avinti Sees Surge in Blended Threat Emails
News  |  12/6/2007  | 
NEWT blocks email attacks that link to Web-based malware
'Prevention' Can Give Hackers a Shot in the Arm
News  |  12/6/2007  | 
Intrusion prevention systems may help attackers to evolve
Better-Behaved AV Testing
News  |  12/5/2007  | 
The newly formed Anti-Malware Testing Working Group will determine how best to conduct behavioral tests
Ranum's Wild Security Ride
News  |  12/5/2007  | 
Marcus Ranum dispels firewall myths, revives Medieval horsemanship, and rants about researchers
US Air Force Selects Cigital
News  |  12/5/2007  | 
Air Force selects Cigital to provide expert guidance in software assurance
Calyptix Adds to Sales & Development
News  |  12/5/2007  | 
Calyptix builds staff to meet market demand
Shavlik Names New CTO
News  |  12/5/2007  | 
Shavlik Technologies announced the appointment of Eric Schultze to the position of chief technology officer
WhiteHat Rolls Out Sentinel SE
News  |  12/4/2007  | 
New addition to WhiteHat Sentinel family provides broad access to Web application security for enterprise and PCI 6.6 customers
Grisoft Buys Exploit Prevention Labs
News  |  12/4/2007  | 
Grisoft acquires Exploit Prevention Labs, developer of LinkScanner safe surfing technology
TJX Settles With Banks for $41 Million
News  |  12/4/2007  | 
More than 100 million account records were breached, retail giant reveals
MU Security Adds Experts to Advisory Board
News  |  12/4/2007  | 
Addition of Byres Security CTO Eric Byres and Neohapsis CTO Greg Shipley complements existing board's experience
Microsoft's Wireless Keyboard Hacked
News  |  12/4/2007  | 
Researchers crack encryption, 'own' 27MHz keyboards
DARPA Looking for a Few Good Networks
Quick Hits  |  12/4/2007  | 
Defense Advanced Research Projects Agency seeks network security proving ground for cyberwar tactics
IronPort Releases '07 Trends, '08 Predictions
News  |  12/3/2007  | 
IronPort reports on spam, viruses, and malware highlights trends of 2007 and predictions for 2008
Old Worm Rebounds in Sophos Top 10
News  |  12/3/2007  | 
Rise of old-timer indicates too many users failing to protect their systems
eIQ Achieves Profitability in Q2
News  |  12/3/2007  | 
eIQnetworks achieves profitability and record growth for Q2, fiscal 2008
Study Reveals Overlooked Sources of Leaks
News  |  12/3/2007  | 
After you've secured your electronic perimeter, it's time to check the copier and the front door, ISF report says
Social-Engineering Employees
News  |  12/3/2007  | 
A financial institution's accommodating employees let 'bad guys' in the door, into the conference room, and onto their machines with U3 thumb drives
New DNS Technology Flags Bad Guys Before They Act
News  |  12/3/2007  | 
DNSstuff has filed for a patent for the new security technology
Is It Time to Revisit Your Breach Response Plan?
News  |  12/3/2007  | 
Response to sensitive-data breaches should involve legal, PR departments
Tapping Hackers' 'Phones'
Quick Hits  |  12/3/2007  | 
By indexing IRC traffic, startup threatens privacy on hackers' favorite communications network
Kaspersky Releases Malware Evolution Report
News  |  12/3/2007  | 
Report highlights inner workings of a Kaspersky Lab virus investigation
<<   <   Page 2 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-20099
PUBLISHED: 2022-06-27
A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely.
CVE-2022-2221
PUBLISHED: 2022-06-27
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8.
CVE-2022-28622
PUBLISHED: 2022-06-27
A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2.
CVE-2022-31034
PUBLISHED: 2022-06-27
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in paramete...
CVE-2022-31035
PUBLISHED: 2022-06-27
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with th...