Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2006
Windows Flaw, Word Trojan Found
News  |  6/30/2006  | 
Microsoft is looking into another possible Windows hole, and a new Trojan rides in on Word docs
Group to Research ID Theft
News  |  6/29/2006  | 
Universities, law enforcement agencies, and vendors team to study fraud and identity theft
Cisco Seeks to Fill Security Gaps
News  |  6/28/2006  | 
Gaps between security products, and between IT and business groups, cause enterprise headaches, says Cisco's security CTO
Warning Users of Dangerous Clicks
News  |  6/28/2006  | 
MarkMonitor's buyout of Collective Trust could allow ISPs to warn users about dangerous clicks ahead
MarkMonitor Gets Collective Trust
News  |  6/28/2006  | 
MarkMonitor acquired CollectiveTrust to add their Zero-Hour fraud protection technology to MarkMonitor's anti-fraud solutions
AppSec Rolls Out Tool
News  |  6/27/2006  | 
Application Security announced immediate availability of a new PCI-DSS Toolkit
Startup Locks Down Apps
News  |  6/27/2006  | 
Firewall pioneer Pensak is behind another venture intent on hardening applications where they live
Mu Security Lands $10M
News  |  6/27/2006  | 
Mu Security announced the company has raised an additional $10 million in a Series B funding round
Symantec Bundles Security Services
News  |  6/26/2006  | 
Threat and Vulnerability Management Program blends security alerts with consulting
Fraud Monitoring Appliance on Tap
News  |  6/26/2006  | 
Cydelity appliance gives banks a detailed look at suspicious account activity
Lockdown Joins Microsoft Program
News  |  6/26/2006  | 
Lockdown announced the launch of its open iNAC architecture
Sensory, Vendors Partner
News  |  6/26/2006  | 
Sensory unveiled the industry's largest ecosystem of applications designed to run on Sensory's NodalCore acceleration platform
Data Loss Epidemic
News  |  6/23/2006  | 
Data losses at major corporations and government agencies are being reported almost every day now
Data Losses Hit Four More
News  |  6/22/2006  | 
The list of big-name organizations reporting security breaches just keeps growing
Sorry, No Naked World Cup
News  |  6/21/2006  | 
A new worm promises to show users photos of a nude soccer match, but it's a disappointing email address, sucker
New Phishing Exploits Emerge
News  |  6/21/2006  | 
Phishing experts are tracking a new school of exploits - and some of them are shark-scary
The Blue Flu?
News  |  6/21/2006  | 
It could be contagious for mobile devices, finds new survey of Bluetooth security
Microsoft Works Around Excel Bug
News  |  6/20/2006  | 
As Microsoft issues workarounds for last week's zero-day Excel attack, yet another hole is found in the spreadsheet program UPDATED 5:30 PM
Newcastle Uses Sealed
News  |  6/20/2006  | 
SealedMedia announced that Newcastle Building Society has chosen its software to protect the organisation's digitised intellectual capital
Thieves Nab AIG Customer Records
News  |  6/19/2006  | 
AIG is informing customers this week about the theft of a server containing personal data on about 970,000 customers
Google Site Hosts Trojan
News  |  6/19/2006  | 
The Google Pages Web hosting service was infected with a keylogger, but so far the impact has been light
Altera Provides Security
News  |  6/19/2006  | 
Altera announced the availability of a comprehensive Stratix II FPGA design security solution to protect IP
DC Workers' Personal Data Stolen
News  |  6/19/2006  | 
An unprotected laptop containing names, Social Security numbers, and other data on 13,000 District of Columbia employees was stolen last week
Social Engineering Gets Smarter
News  |  6/16/2006  | 
Good old-fashioned schmooze still the best way to get information and access, particularly if the target works in IT
Microsoft Vulnerabilities Hit Critical Levels
News  |  6/15/2006  | 
With patches out, Microsoft reveals critical vulnerabilities in Windows and associated apps
Desktop Ports: Leakage or Lockdown
News  |  6/14/2006  | 
Enterprises struggle to enforce security policies on thumb drives and other portable storage media
Hacked in Mid-Air
News  |  6/13/2006  | 
Flaw in next-gen air traffic control could let an attacker create as many as 50 phantom aircraft on the controller's screen
Barracuda Gets Bitten
News  |  6/13/2006  | 
Email was held up for a few hours today after spam firewall vendor inadvertently sent a bad virus definition
Microsoft Moves Security to 'Forefront'
News  |  6/12/2006  | 
Microsoft gives its security wares a bold new name and rolls out a new security gateway at Tech Ed 2006
Bug Hits Popular IP-PBX Apps
News  |  6/12/2006  | 
Asterisk PBX and IAXclient, two of the most popular open-source VOIP applications, are vulnerable to attack
Red Seal Gathers Up Risk Data
News  |  6/12/2006  | 
Less predictive in nature, the risk management box is supposed to help improve decision making when things go wrong
Microsoft Prepares to Patch Things Up
News  |  6/9/2006  | 
Microsoft gave a heads up on its latest security updates for Windows, IE, Office, and Exchange
Flaw Found in Linux Statistics App
News  |  6/9/2006  | 
Cross-site scripting vulnerability in a popular Linux log file app could lead to remote code execution
UTM Protects Children
News  |  6/9/2006  | 
Bullard Independent School District's Technology Director Lee Sleeper installed Lightspeed System's Total Traffic Control v6.0 in Mar '06
Futbol, You Bet
News  |  6/9/2006  | 
IT security managers are kind of like goalkeepers when it comes to protecting their networks and their companies from attacks and exploits
Sophos Method Used to Crack Trojan
News  |  6/8/2006  | 
The spyware tool in Sophos's new Endpoint Security product was built on the same 'genotyping' tech used to crack this week's 'ransomware' Trojan
Exploit Shares Results
News  |  6/8/2006  | 
Exploit Prevention Labs released findings from monthly survey to measure the rise of Internet-borne exploits and zero-day attacks
Deep-Packet Offerings Proliferate
News  |  6/8/2006  | 
Ellacoya, Sandvine join Allot in launching new tools for deep packet inspection
Vulnerability Crosses Browser Boundaries
News  |  6/8/2006  | 
A newly-reported flaw makes Internet Explorer and Mozilla browsers equally vulnerable
Two Charged in VOIP Hacking Scandal
News  |  6/8/2006  | 
Authorities say two men ran a wholesale VOIP business using allegedly fake codes to load call traffic onto unsuspecting VOIP networks
New Service Seeks Out Security Gaps
News  |  6/7/2006  | 
SekCheck has launched a new service that audits security infrastructures and compares them against those of other enterprises
Allot Goes Deep on Packets
News  |  6/7/2006  | 
Vendor's deep packet inspection lets service providers track user behavior
Rendezvous at Risk
News  |  6/7/2006  | 
Holes in Tibco's Rendezvous messaging middleware can leave applications vulnerable to denial-of-service attacks
Comodo Releases Monkey
News  |  6/7/2006  | 
Comodo announced the immediate availability of NOC Monkey 2.0 beta 1
Social Engineering, the USB Way
News  |  6/7/2006  | 
Those thumb drives can turn external threats into internal ones in two easy steps
Healthcare Firms Unite for Safety
News  |  6/7/2006  | 
The newly-formed eHealth Vulnerability Reporting Program brings together major healthcare companies in an effort to identify and eliminate security threats
At MedAvant, Security Helps Pay the Bills
News  |  6/7/2006  | 
Healthcare billing and payment processing company implements PortAuthority software to stop unauthorized traffic
NCircle, Cybertrust Team Up
News  |  6/6/2006  | 
Cybertrust will offer nCircle's vulnerability and risk management solutions and use nCircle IP360 profiling and scanning technology in its portfolio of services
StillSecure, Patchlink Partner
News  |  6/6/2006  | 
StillSecure partners with Patchlink to simplify end-to-end vulnerability lifecycle management
NCircle Debuts MSSP
News  |  6/5/2006  | 
NCircle announced today the debut of its Managed Security Service Provider (MSSP) Program
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-40865
PUBLISHED: 2021-10-25
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x use...
CVE-2021-25977
PUBLISHED: 2021-10-25
In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title being improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.
CVE-2021-35231
PUBLISHED: 2021-10-25
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHIN...
CVE-2021-38294
PUBLISHED: 2021-10-25
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
CVE-2021-40526
PUBLISHED: 2021-10-25
Incorrect calculation of buffer size vulnerability in Peloton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead t...