Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in June 2006
Page 1 / 2   >   >>
Windows Flaw, Word Trojan Found
News  |  6/30/2006  | 
Microsoft is looking into another possible Windows hole, and a new Trojan rides in on Word docs
Group to Research ID Theft
News  |  6/29/2006  | 
Universities, law enforcement agencies, and vendors team to study fraud and identity theft
Cisco Seeks to Fill Security Gaps
News  |  6/28/2006  | 
Gaps between security products, and between IT and business groups, cause enterprise headaches, says Cisco's security CTO
Warning Users of Dangerous Clicks
News  |  6/28/2006  | 
MarkMonitor's buyout of Collective Trust could allow ISPs to warn users about dangerous clicks ahead
MarkMonitor Gets Collective Trust
News  |  6/28/2006  | 
MarkMonitor acquired CollectiveTrust to add their Zero-Hour fraud protection technology to MarkMonitor's anti-fraud solutions
AppSec Rolls Out Tool
News  |  6/27/2006  | 
Application Security announced immediate availability of a new PCI-DSS Toolkit
Startup Locks Down Apps
News  |  6/27/2006  | 
Firewall pioneer Pensak is behind another venture intent on hardening applications where they live
Mu Security Lands $10M
News  |  6/27/2006  | 
Mu Security announced the company has raised an additional $10 million in a Series B funding round
Symantec Bundles Security Services
News  |  6/26/2006  | 
Threat and Vulnerability Management Program blends security alerts with consulting
Fraud Monitoring Appliance on Tap
News  |  6/26/2006  | 
Cydelity appliance gives banks a detailed look at suspicious account activity
Lockdown Joins Microsoft Program
News  |  6/26/2006  | 
Lockdown announced the launch of its open iNAC architecture
Sensory, Vendors Partner
News  |  6/26/2006  | 
Sensory unveiled the industry's largest ecosystem of applications designed to run on Sensory's NodalCore acceleration platform
Data Loss Epidemic
News  |  6/23/2006  | 
Data losses at major corporations and government agencies are being reported almost every day now
Data Losses Hit Four More
News  |  6/22/2006  | 
The list of big-name organizations reporting security breaches just keeps growing
Sorry, No Naked World Cup
News  |  6/21/2006  | 
A new worm promises to show users photos of a nude soccer match, but it's a disappointing email address, sucker
New Phishing Exploits Emerge
News  |  6/21/2006  | 
Phishing experts are tracking a new school of exploits - and some of them are shark-scary
The Blue Flu?
News  |  6/21/2006  | 
It could be contagious for mobile devices, finds new survey of Bluetooth security
Microsoft Works Around Excel Bug
News  |  6/20/2006  | 
As Microsoft issues workarounds for last week's zero-day Excel attack, yet another hole is found in the spreadsheet program UPDATED 5:30 PM
Newcastle Uses Sealed
News  |  6/20/2006  | 
SealedMedia announced that Newcastle Building Society has chosen its software to protect the organisation's digitised intellectual capital
Thieves Nab AIG Customer Records
News  |  6/19/2006  | 
AIG is informing customers this week about the theft of a server containing personal data on about 970,000 customers
Google Site Hosts Trojan
News  |  6/19/2006  | 
The Google Pages Web hosting service was infected with a keylogger, but so far the impact has been light
Altera Provides Security
News  |  6/19/2006  | 
Altera announced the availability of a comprehensive Stratix II FPGA design security solution to protect IP
DC Workers' Personal Data Stolen
News  |  6/19/2006  | 
An unprotected laptop containing names, Social Security numbers, and other data on 13,000 District of Columbia employees was stolen last week
Social Engineering Gets Smarter
News  |  6/16/2006  | 
Good old-fashioned schmooze still the best way to get information and access, particularly if the target works in IT
Microsoft Vulnerabilities Hit Critical Levels
News  |  6/15/2006  | 
With patches out, Microsoft reveals critical vulnerabilities in Windows and associated apps
Desktop Ports: Leakage or Lockdown
News  |  6/14/2006  | 
Enterprises struggle to enforce security policies on thumb drives and other portable storage media
Hacked in Mid-Air
News  |  6/13/2006  | 
Flaw in next-gen air traffic control could let an attacker create as many as 50 phantom aircraft on the controller's screen
Barracuda Gets Bitten
News  |  6/13/2006  | 
Email was held up for a few hours today after spam firewall vendor inadvertently sent a bad virus definition
Microsoft Moves Security to 'Forefront'
News  |  6/12/2006  | 
Microsoft gives its security wares a bold new name and rolls out a new security gateway at Tech Ed 2006
Bug Hits Popular IP-PBX Apps
News  |  6/12/2006  | 
Asterisk PBX and IAXclient, two of the most popular open-source VOIP applications, are vulnerable to attack
Red Seal Gathers Up Risk Data
News  |  6/12/2006  | 
Less predictive in nature, the risk management box is supposed to help improve decision making when things go wrong
Microsoft Prepares to Patch Things Up
News  |  6/9/2006  | 
Microsoft gave a heads up on its latest security updates for Windows, IE, Office, and Exchange
Flaw Found in Linux Statistics App
News  |  6/9/2006  | 
Cross-site scripting vulnerability in a popular Linux log file app could lead to remote code execution
UTM Protects Children
News  |  6/9/2006  | 
Bullard Independent School District's Technology Director Lee Sleeper installed Lightspeed System's Total Traffic Control v6.0 in Mar '06
Futbol, You Bet
News  |  6/9/2006  | 
IT security managers are kind of like goalkeepers when it comes to protecting their networks and their companies from attacks and exploits
Sophos Method Used to Crack Trojan
News  |  6/8/2006  | 
The spyware tool in Sophos's new Endpoint Security product was built on the same 'genotyping' tech used to crack this week's 'ransomware' Trojan
Exploit Shares Results
News  |  6/8/2006  | 
Exploit Prevention Labs released findings from monthly survey to measure the rise of Internet-borne exploits and zero-day attacks
Deep-Packet Offerings Proliferate
News  |  6/8/2006  | 
Ellacoya, Sandvine join Allot in launching new tools for deep packet inspection
Vulnerability Crosses Browser Boundaries
News  |  6/8/2006  | 
A newly-reported flaw makes Internet Explorer and Mozilla browsers equally vulnerable
Two Charged in VOIP Hacking Scandal
News  |  6/8/2006  | 
Authorities say two men ran a wholesale VOIP business using allegedly fake codes to load call traffic onto unsuspecting VOIP networks
New Service Seeks Out Security Gaps
News  |  6/7/2006  | 
SekCheck has launched a new service that audits security infrastructures and compares them against those of other enterprises
Allot Goes Deep on Packets
News  |  6/7/2006  | 
Vendor's deep packet inspection lets service providers track user behavior
Rendezvous at Risk
News  |  6/7/2006  | 
Holes in Tibco's Rendezvous messaging middleware can leave applications vulnerable to denial-of-service attacks
Comodo Releases Monkey
News  |  6/7/2006  | 
Comodo announced the immediate availability of NOC Monkey 2.0 beta 1
Social Engineering, the USB Way
News  |  6/7/2006  | 
Those thumb drives can turn external threats into internal ones in two easy steps
Healthcare Firms Unite for Safety
News  |  6/7/2006  | 
The newly-formed eHealth Vulnerability Reporting Program brings together major healthcare companies in an effort to identify and eliminate security threats
At MedAvant, Security Helps Pay the Bills
News  |  6/7/2006  | 
Healthcare billing and payment processing company implements PortAuthority software to stop unauthorized traffic
NCircle, Cybertrust Team Up
News  |  6/6/2006  | 
Cybertrust will offer nCircle's vulnerability and risk management solutions and use nCircle IP360 profiling and scanning technology in its portfolio of services
StillSecure, Patchlink Partner
News  |  6/6/2006  | 
StillSecure partners with Patchlink to simplify end-to-end vulnerability lifecycle management
NCircle Debuts MSSP
News  |  6/5/2006  | 
NCircle announced today the debut of its Managed Security Service Provider (MSSP) Program
Page 1 / 2   >   >>


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13157
PUBLISHED: 2019-11-22
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.
CVE-2012-2079
PUBLISHED: 2019-11-22
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
CVE-2019-11325
PUBLISHED: 2019-11-21
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2019-18887
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.
CVE-2019-18888
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. T...