News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2007
Spammers Capitalize on Simpsons Movie
News  |  7/31/2007  | 
SPAMFighter finds spammers taking advantage of the release of The Simpsons movie to find live email addresses
Report: Rise in Web App Vulnerabilities
News  |  7/31/2007  | 
Cenzic released its Application Security Trends Report - Q2 2007
File Formats: A Moving Target
News  |  7/31/2007  | 
Which types of files are most in danger of attack? Experts - and attackers - frequently change their minds
Google Desktop: Too Risky?
News  |  7/31/2007  | 
Recently-exposed vulnerabilities leave many IT experts feeling queasy about using the search engine's latest feature
XSS Book Published
News  |  7/31/2007  | 
WhiteHat Security announced the availability of Jeremiah Grossman's book - Cross-Site Scripting Attacks: XSS Exploits and Attacks
Tool Stops XSS, SQL Injection Attacks
News  |  7/31/2007  | 
Core Labs researchers to release free tool to protect PHP-based Web apps
Researcher Barred From US
News  |  7/30/2007  | 
Renowned security expert Halvar Flake denied travel from Germany after his Black Hat presentation is found in search
BreakingPoint Offers Same-Day 0-Days
News  |  7/30/2007  | 
Startup to announce general availability of its new BPS-1000 testing tool, controversial vulnerability disclosure policy
BreakingPoint Systems Ships
News  |  7/30/2007  | 
BreakingPoint Systems launches next-generation network test equipment for content aware networks
Fighting Forensics
News  |  7/30/2007  | 
New research exploits vulnerabilities found in popular computer forensics tools
Survey: Zero-Day Bugs Biggest Concern
News  |  7/30/2007  | 
Zero-day vulnerabilities are the top security concern for the majority of IT professionals, according to a survey conducted by PatchLink
Black Hat: How to Hack IPS Signatures
News  |  7/30/2007  | 
Errata Security says attackers are already reverse-engineering IPS vendors' zero-day signatures like TippingPoint's to wage attacks, bypass IPSs
Anchiva Gets 750,000 Malware Signatures
News  |  7/30/2007  | 
Anchiva's Rapid RxLabs is now delivering over 750,000 signatures to detect and prevent malware from entering enterprise networks
Sipera to Demo New VOIP Exploit at Black Hat
News  |  7/30/2007  | 
Sipera Systems announced Sipera VIPER Lab will demonstrate a VOIP exploit at the Black Hat USA 2007 conference
Robot Genius Offers Free Anti-Malware Download
News  |  7/30/2007  | 
Robot Genius announced the availability of its new anti-malware download/plug-in, RGguard
iS3 Rolls Out Version 5.0 of STOPzilla
News  |  7/30/2007  | 
iS3 announced the availability of STOPzilla Version 5.0
Virtualization's New Benchmark
News  |  7/27/2007  | 
Consortium gives recommendations for securing emerging virtualized technology
Aflac Loses Data on 152,000
News  |  7/27/2007  | 
Company quacks 'fowl!' over theft of laptop in Japan
Attack of the Black Hats
News  |  7/27/2007  | 
Get ready, Vegas - with this crew in town, even the slot machines aren't safe
Open Source Bots
News  |  7/27/2007  | 
With most botnets based on open source, it may be time to rethink just what gets open-sourced
Third Parties Fumble Data Handoffs
News  |  7/26/2007  | 
Your company's data breach may result from a partner's mistakes
Startup to Take on PayPal
News  |  7/26/2007  | 
Pmints could go where PayPal won't, including porn and gambling
It's More Than JavaScript
News  |  7/26/2007  | 
There are lots of other ways an attacker can have fun with your Web applications
Startup Locks Down Mobile Linux
News  |  7/26/2007  | 
New version of mobile OS verifies apps, firmware, and encrypts data
Hacking Without Exploits
News  |  7/25/2007  | 
Researcher HD Moore to show at Black Hat and Defcon ways to hack a fully patched system
80% of Websites With Malware Are Legit
News  |  7/25/2007  | 
Sophos has published new research on the first six months of cybercrime in 2007
BigFix Upgrades AntiThreat
News  |  7/25/2007  | 
BigFix announced the availability of two new anti-malware solution packs designed to deliver IT
What DNS Pinning Means to You
News  |  7/25/2007  | 
Emerging vulnerability is widespread and tough to fix
Putting Security in the Trash
News  |  7/25/2007  | 
Emerging legislation puts the onus on companies to manage paper records - and how they dispose of them
New Tool Automates Spam
News  |  7/25/2007  | 
Cheap software promises to post 1,100 messages to Web forums in less than 15 minutes
Cigital, LeverPoint Team on Cigital India
News  |  7/24/2007  | 
Cigital has formed a partnership creating Cigital India with a recognized top performer in offshore outsourcing
Banks Lag in Strong Authentication
News  |  7/24/2007  | 
New study says majority of banks won't have multi-factor authentication until next year
Foundstone Engineering Head Joins Rapid7
News  |  7/24/2007  | 
Rapid7 announced that Foundstone's director of engineering, Christopher Moore, has joined the company as the new vice president of engineering
Help Wanted: ID Theft Victims
News  |  7/24/2007  | 
That online job recruiter may actually be a criminal trying to steal your personal data
Mi5 Adds Reseller Program
News  |  7/23/2007  | 
Mi5 Networks announced the Webgate Channel Partner Program for resellers looking to tap the market for Secure Web Gateways
Picture Your Password
News  |  7/23/2007  | 
Researchers are taking a look at graphical passwords, but the picture is still fuzzy on their effectiveness
Pointing to Danger
News  |  7/23/2007  | 
Researcher to show how dangling pointer flaws, long viewed as inconsequential, can be a path to serious infection
Aruba Acquires Network Chemistry Assets
News  |  7/23/2007  | 
Aruba Networks announced the acquisition of Network Chemistry's line of award-winning RFprotect and BlueScanner wireless security products
New Tool Eases CSRF Bug Discovery
News  |  7/20/2007  | 
Tool will show how widespread CSRF bugs are in Websites, researchers say
ID Management Gets Granular
News  |  7/20/2007  | 
New TNT software helps companies control access to critical data by user, device, and time of day
Research Run
News  |  7/20/2007  | 
Love 'em or hate 'em, security researchers open up whole new vistas on system vulnerability
Spam Changes Direction
News  |  7/19/2007  | 
While PDF and image-based attacks skyrocket, spammers quietly shift toward Europe
Trade Ya'
News  |  7/19/2007  | 
Looking out for the man-in-the-middle of your online stock trade
How to Land the Best Security Job
News  |  7/19/2007  | 
IT security recruiters speak out on the need for a breadth of technology experience and an understanding of the business side
SurfControl Safeguards Scout Jamboree
News  |  7/19/2007  | 
SurfControl is to provide Internet protection for 40,000 14- to 18-year-olds at the largest World Scout Jamboree
Hack Sneaks Past Firewall to Intranet
News  |  7/18/2007  | 
Black Hat researcher will demonstrate yet another way to use DNS pinning bug to get inside the corporate network
Leaks Found in Louisiana University Systems
News  |  7/18/2007  | 
Student uncovers 150 documents containing personal information on 80,000 individuals
Ounce Labs Sets Up Research Team
News  |  7/18/2007  | 
Ounce Labs, the industry leader in software risk management, announced the formation of an Advanced Research Team (ART)
Sophos: Latest 'Dirty Dozen' Spam Relaying Countries
News  |  7/18/2007  | 
Sophos has published its latest report on the top 12 spam-relaying countries during the second quarter of 2007
Attackers Hide in Fast Flux
News  |  7/17/2007  | 
Storm and Warezov/Stration have already adopted an evil load-balancing and evasion technique that's tougher to detect