Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in April 2008
<<   <   Page 2 / 2
Vendors Push Out UTM's Boundaries
News  |  4/10/2008  | 
The emphasis is still on security, but traffic management and SOHO scaleability figure more highly at RSA
RSA: Cyber Storm II Builds Network To Defend Against Cyber Crisis
News  |  4/9/2008  | 
The latest government-sponsored simulated computer security crisis shows there are still some shortfalls in information sharing.
Microsoft Releases 'Critical' Security Updates For Windows, Explorer
News  |  4/9/2008  | 
One of the key vulnerabilities involves a weakness in Microsoft's VBScript and JScript scripting engines.
Google Groups Still Littered With Malware-Infected Explicit Videos
News  |  4/9/2008  | 
Sunbelt Software CEO Alex Eckelberry says the problem is directly tied to hacks of Google's CAPTCHA security.
IBM's 'Phantom' to Study Virtual Security
Quick Hits  |  4/9/2008  | 
Research project will help identify, fix vulnerabilities in virtualized environments
SecureWorks Unveils Research on Spamming Botnets
News  |  4/9/2008  | 
Research firm contends that newly revealed 'Kraken' bot army is actually an older botnet
Symantec Chairman Calls for Information-Centric Approach to Security
News  |  4/9/2008  | 
Enterprises need to identify and protect sensitive information as it moves, Thompson says
RSA: Chertoff Likens U.S. Cyber Security To 'Manhattan Project'
News  |  4/8/2008  | 
The Homeland Security secretary calls for beefing up the cyberdefenses of federal agencies and making sure all of them can respond to threats around the clock.
Windows Vista SP1 Installation Bug Fixed, Microsoft Says
News  |  4/8/2008  | 
The fix applies to Microsoft's Servicing Stack Update for Vista SP1, which users need to install before downloading SP1.
RSA Session Features Live Linksys Router Hack
News  |  4/8/2008  | 
Researcher Dan Kaminsky plans a live demo to show a DNS rebinding attack in action
DHS Chief Says Current Defenses 'Insufficient' to Handle Evolving Threats
News  |  4/8/2008  | 
Homeland Security secretary Michael Chertoff says federal government and industry need to do more
Coviello: Security's a Drag on Business
News  |  4/8/2008  | 
RSA exec says more than 80% of businesses have shied away from innovation due to security concerns
Microsoft Details Security Features in Internet Explorer 8
Quick Hits  |  4/8/2008  | 
IE8 Beta 1 will be available to consumers this summer
RSA: EMC Says It's Time To 'Think Differently About Security'
News  |  4/7/2008  | 
EMC executive Art Coviello calls on Congress to pass a national data breach notification law, so that companies don't have to deal with the various 40 state data breach laws.
New Massive Botnet Twice the Size of Storm
News  |  4/7/2008  | 
400,000-strong 'Kraken' botnet has infiltrated 50 Fortune 500 companies -- and now usurps Storm as world's biggest botnet
Cisco, RSA Partner to Secure Data in Motion, at Rest
News  |  4/7/2008  | 
Partnership leverages data loss prevention framework unveiled by RSA last week
'Digital Trust Barometer' Is Falling
Quick Hits  |  4/7/2008  | 
More than a fifth of users have already fallen victim to online fraud
New Crimeware-as-a-Service Market Thriving
News  |  4/7/2008  | 
Lets criminals get stolen information via a Web-based service that does the dirty work for them
Apple Issues QuickTime Security Fix
News  |  4/4/2008  | 
Apple patched 11 vulnerabilities, nine of which might have allowed an attacker to execute malicious code on a victim's machine.
U.S. Health Agency Forbids Sensitive Data On Apple MacBooks
News  |  4/4/2008  | 
Employees who store medical records on laptops must use systems that run either on Microsoft's Windows operating system or Linux.
Inconvenient Lack of Truth
News  |  4/4/2008  | 
We'll never be able to fix our security problems until we start truthfully sharing breach information
'Transient' Hacks Become Attackers' New Favorites
News  |  4/4/2008  | 
Some attackers now prefer making quick, precision strikes on a Website to evade detection -- and then moving on to another one
Study: Cell Phone Talkers Need to Shut Up
Quick Hits  |  4/4/2008  | 
Vodafone research shows all that yammering in public places may lead to loss of business and personal data
Random Search Stops $600 Million In Trade Secrets Bound For China
News  |  4/3/2008  | 
The feds have indicated a software engineer who was flying to China with confidential technical documents, a thumb drive, four external hard drives, 29 recordable compact discs, and a videotape.
Microsoft Plans Five 'Critical' Security Updates For Windows, Explorer
News  |  4/3/2008  | 
The fixes apply to Windows Vista, Windows XP, Windows 2000, Windows Server 2003, and Windows Server 2008.
Confident or Clueless? Majority of Americans Feel Safe Online
Quick Hits  |  4/3/2008  | 
Even as malware rises to epidemic proportions, users say 'no worries,' according to StopBadware.org poll
Enterprise Networks Rife With Unauthorized Apps, Study Says
News  |  4/3/2008  | 
Employees use variety of tactics to circumvent IT policies and misuse the corporate network
Halvar Flake: Reverse-Engineered
News  |  4/2/2008  | 
Security expert Thomas Dullien chats about Vikings, VCs, guinea pigs, and his flap with US Customs
Davidson Cos. Sued for Negligence in Data Breach
Quick Hits  |  4/2/2008  | 
Lawsuit confirms that companies can be held liable for failing to provide adequate security
RSA Takes Suite Approach to Data Leak Prevention
News  |  4/2/2008  | 
Next-gen technology can inspect data, classify it, and apply policies on how to secure it
A Peek at ISP DDOS, Spam Traffic Trends
News  |  4/1/2008  | 
An average of 1,300 distributed denial-of-service attacks hit each day, according to data from Arbor Networks's ISP customers
New Reality TV Show Pits Hackers Vs. Nature
Quick Hits  |  4/1/2008  | 
Britney to host series that challenges hackers to create exploits -- without tools
'Fight Club' Aims to Test Pornography Filters
News  |  4/1/2008  | 
Last year, it proved that antivirus products don't stop all viruses. Now Untangle prepares to show how much porn can escape 'safe' content filters
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35198
PUBLISHED: 2021-05-12
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
CVE-2021-23872
PUBLISHED: 2021-05-12
Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOTL interface.
CVE-2021-23891
PUBLISHED: 2021-05-12
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense.
CVE-2021-23892
PUBLISHED: 2021-05-12
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitra...
CVE-2020-36289
PUBLISHED: 2021-05-12
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and fro...