Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2008
Page 1 / 2   >   >>
Google Warns Users About Phishing
News  |  4/30/2008  | 
In advising users to be wary of clicking on links in e-mail messages or responding to requests for personal information, Google is trying to protect its own business.
Large Businesses Wrestle With Web 2.0
News  |  4/30/2008  | 
New capabilities turn security policies and practices on end, panelists say
Software Lets Enterprises Encrypt, Restrict Use of CD/DVD Media
Quick Hits  |  4/30/2008  | 
New technology from Lumension encrypts data on CDs, prevents reading and writing without network authorization
When Bots Don't Care - Or Don't Know Enough to
News  |  4/30/2008  | 
Misguided apathy among consumers could be contributing to botnet proliferation
Webroot to Launch Enterprise Web Filtering Service
News  |  4/29/2008  | 
Content filtering will be marketed alongside email management service
Microsoft Adds Two to Forefront Family
News  |  4/29/2008  | 
Remote access, edge security products now under Forefront umbrella
'USB Hacksaw' Still Sharp, Expert Says
Quick Hits  |  4/29/2008  | 
Exploit allows hackers to dump data from thumb drives and email it to a remote location
Avoiding a Mesh Mess
News  |  4/29/2008  | 
Factor in security with Microsoft's new Live Mesh
Microsoft Blames Poor Coding Practices For Massive SQL Injection Attack
News  |  4/28/2008  | 
U.S. CERT recommends disabling JavaScript and ActiveX because of attacks that have compromised legitimate Web sites using Microsoft IIS Web Server and Microsoft SQL Server.
Wireless Vulnerabilities Present Enterprise-Wide Threats, Expert Says
News  |  4/28/2008  | 
Wireless is the greatest threat to corporate networks since the emergence of the Internet, AirPatrol CEO says
'Long-Term' Phishing Attack Underway
News  |  4/28/2008  | 
New phishing exploit doesn't bother asking for passwords, and its stealthy malware hides out on victim's machine
Societe Generale Goat Gets IT Consulting Job
Quick Hits  |  4/28/2008  | 
Man who singlehandedly cost financial services firm more than $7B is now giving advice
Zero-Day Vulnerability Reported in Apple's QuickTime for Windows XP and Vista
News  |  4/25/2008  | 
Security consultancy GNUCitizen says an attacker could exploit the vulnerability by constructing a specially crafted QuickTime supported media file that allows remote code execution.
Tech Insight: DIY Penetration Testing
News  |  4/25/2008  | 
When to conduct your own penetration test or to farm it out to a third party
Men More Likely Than Women to Fall for Internet Fraud
Quick Hits  |  4/25/2008  | 
Guys lose $1.67 to every $1 lost by gals, ICCC says
Small And Midsize Businesses' IT Security Budgets 'Recession-Proof'
News  |  4/24/2008  | 
Despite overall economic difficulties, survey respondents say they still plan to invest in technology this year.
Securing the Internet's DNS
News  |  4/24/2008  | 
Internet's .arpa, .org, and .uk domains soon to adopt DNSSEC
Companies May Be Held Liable for Deals With Terrorists, ID Thieves
News  |  4/23/2008  | 
New and little-known regulations could mean fines, or even jail time, for companies that do business with bad guys
Researchers Infiltrate and 'Pollute' Storm Botnet
News  |  4/23/2008  | 
European botnet experts devise a method that disrupts stubborn peer-to-peer botnets like Storm
JavaScript Injection Attack Infects 'Hundreds of Thousands' of Websites
Quick Hits  |  4/23/2008  | 
United Nations, UK government sites are among the victims
Market's Message to Security Pros: Adapt or Die
News  |  4/23/2008  | 
Shifts in economy, business are forcing re-prioritization in the IT security department, studies say
Security Vulnerabilities Reported At Obama, Clinton Web Sites
News  |  4/22/2008  | 
Researchers said cross-site scripting problems found on the sites could result in anything from a harmless pop-up window to exposure to malicious software.
Infected Web Pages Nearly Triple
News  |  4/22/2008  | 
Sophos says that it discovered a new infected Web page every 5 seconds. In 2007, the company says, it saw new infected Web pages every 14 seconds.
Microsoft Report: Physical Data Theft, Trojans Up; Bug Disclosure Down
News  |  4/22/2008  | 
Trojan attacks jump by 300 percent, but publicly disclosed vulnerabilities reach three-year ebb
New Tool Lets Enterprises Manage Security on Multiple Linux Servers
News  |  4/21/2008  | 
Trusted Computer Solutions readies software that can 'lock down' servers running Red Hat, CentOS, or Oracle Enterprise Linux
Server Theft Exposes Data on 700,000 Consumers
Quick Hits  |  4/21/2008  | 
Break-in at debt collection company puts Indiana citizens' personal information at risk
'Provider-in-the-Middle Attacks' Put Major Websites, Users at Risk
News  |  4/21/2008  | 
Researchers discover that ad servers from over 70 ISPs, such as Earthlink and Comcast, put trademarked sites - and users who visit them - at risk of cross-site scripting, other attacks
2008 Could Be Record Year for Breaches
Quick Hits  |  4/18/2008  | 
More than 8 million Americans' data has been exposed so far this year, first-quarter study says
An Rx for Doctors Suffering From Spam Attacks
News  |  4/18/2008  | 
Health Care Notification Network (HCNN) for physicians aims to streamline alerts, as well as protect doctors from spam and other attacks
Enterprises Slow Fight Against Malicious Code
News  |  4/18/2008  | 
Most organizations believe they are more secure than a year ago, BT study finds
24 Digital Spy Tools To Capture, Protect, And Secure Data
News  |  4/17/2008  | 
To catch a data thief, you'll need discreet audio and video recorders, tiny cameras, keystroke loggers, and a trove of other 007-worthy digital security, monitoring, and surveillance devices.
Customers Ticked Off Over Breach Notification
Quick Hits  |  4/17/2008  | 
Majority of customers have had their data exposed more than once, study says
Security, IT Operations, Compliance & Privacy Converge in Data Center
News  |  4/17/2008  | 
Formerly disconnected disciplines find themselves working together
Women More Likely Than Men To Surrender Security For Chocolate
News  |  4/16/2008  | 
The overall percentage of London office workers willing to trade their computer passwords for a few moments of chocolaty goodness was down two-thirds compared to 2007.
Women Are Four Times More Likely to Give Up Passwords for Chocolate
Quick Hits  |  4/16/2008  | 
But overall willingness to give up passwords has dropped sharply since 2007, study finds
Wireless Security Gets Boost From New Round of Products
News  |  4/16/2008  | 
Wireless isn't the problem child it used to be, but authentication and management still challenge enterprises
Spear-Phishing Attack Uses Fake Subpoenas To Steal From CEOs
News  |  4/15/2008  | 
iDefense estimates that the attack went out to about 15,000 to 20,000 executives, resulting in about 1,800 confirmed malware victims.
PayPal Outlines Strategy to Slow Phishing
News  |  4/15/2008  | 
Web's biggest phishing target published multi-layered plan to reduce delivery of fake emails and warn users of phishing sites
Startup Launches Tool That Analyzes & Maps Network Architecture for Risk
Quick Hits  |  4/15/2008  | 
Athena Security goes public and shows off its new tool for determining the risks posed by network configurations
Oracle Plans 41 Patches For Tuesday
News  |  4/14/2008  | 
The number of published proof-of-concept exploits for Oracle products last year supports research noting an increase in attacks on applications.
CA Exec: Security Pros Need to Be Unburied From the Org Chart
News  |  4/14/2008  | 
To succeed, IT security must raise its profile in the business, says former CIO
New York Hospital Worker Arrested for Stealing 50,000 Patient Records
Quick Hits  |  4/14/2008  | 
Theft was discovered by police, not hospital IT staff
Study Finds 'Alarming' Ignorance About Cybercrime
News  |  4/11/2008  | 
"Consumers' unsecured computers play a major role in helping cybercriminals conduct cybercrimes," the National Cyber Security Alliance warns.
Panel: DLP Outlook Hopeful, But No Silver Bullet
News  |  4/11/2008  | 
Data loss protection technology is getting real, experts say, but it won't stop determined insiders by itself
Tech Insight: Virtualization Gets Personal
News  |  4/11/2008  | 
As tools open up avenues for desktop virtualization, enterprises must choose the right security path
Al Gore Bans Press at RSA
Quick Hits  |  4/11/2008  | 
Keynote on green technologies makes reporters see red
Down To Business: It's Past Time To Elevate The Infosec Conversation
Commentary  |  4/10/2008  | 
At the RSA conference, the security discussion was about helping customers innovate and deliver business value.
RSA: The Case For Code Testing
News  |  4/10/2008  | 
Automated security tools are the best way to reduce application-layer vulnerabilities, said cybersecurity veteran Howard Schmidt.
IBM: The Security Business 'Has No Future'
News  |  4/10/2008  | 
IBM executive tells RSA attendees that the security business is dead - and sustainable business is the future
AirPatrol Keeps Tabs on Illicit Mobiles
Quick Hits  |  4/10/2008  | 
Networked sensors detect and locate mobile phones and WiFi-connected laptops
Page 1 / 2   >   >>

COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer,  9/24/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-09-29
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revisio...
PUBLISHED: 2020-09-29
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...