Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2008
Most Security Breaches Go Unreported
News  |  7/31/2008  | 
An RSA survey found that the e-mail-borne malware and phishing that affected 69% of respondents' companies may not have led to serious consequences in every instance.
Startup Promises More Accurate Fraud Detection
News  |  7/31/2008  | 
Guardian Analytics's new 'fraud modeling' technology recognizes activity that goes outside the user norm
Survey Highlights Telecommuter Troubles
Quick Hits  |  7/31/2008  | 
Telecommuting security, privacy risks often put on the back burner, according to a new survey by Ernst & Young
Phishing Kits Widely Compromised To Steal From Phishers
News  |  7/30/2008  | 
From 21 different distribution sites, the authors of the Usenix Conference paper identified 379 distinct phishing kits, 129 of which contained back doors.
The Real Dirt on Whitelisting
News  |  7/30/2008  | 
The choice between blacklisting and whitelisting isn't really black and white
Cyber Security for the 44th Presidency Group to Come Out of the Shadows at Black Hat
Quick Hits  |  7/30/2008  | 
A presidential 'playbook' for cyberwar is among the issues under discussion by the group
Oracle Issues Alert For WebLogic Plugin Vulnerability
News  |  7/29/2008  | 
The exploit code was released July 17, two days after Oracle issued its second-quarter Critical Patch Update.
Most Malicious Code Launched From Legitimate Web Sites
News  |  7/29/2008  | 
The proliferation of user-generated content on popular Web 2.0 sites has opened the door for hackers to plant malware, says Websense report.
Hacking Without Exploits
News  |  7/29/2008  | 
Black Hat researchers will demonstrate how the bad guys are quietly raking in big bucks without ninja hacking skills, tools, or exploit code
Report: From Bug Disclosure to Exploit in 24 Hours
Quick Hits  |  7/29/2008  | 
New IBM ISS report shows fast and furious nature of Web browser vulnerability finds and attacks
Botnets Behind One Fourth of Click Fraud
Quick Hits  |  7/28/2008  | 
Click Fraud Index reports biggest surge of botnet-generated pay-per-click fraud to date in the second quarter
New Video Surveillance Technology 'Recognizes' Abnormal Activity
News  |  7/28/2008  | 
BRS software can establish 'normal' on-camera activity - and alert security staff when something unusual occurs
When Penetration Testers (Almost) Get Caught
News  |  7/25/2008  | 
Sometimes employees really do learn their physical security lessons
Ad Agency Keeps the Word From Spreading
News  |  7/25/2008  | 
Access control technology helps Arnold Worldwide protect client data, meet compliance requirements
Small & Mid-Sized Enterprises Living in La-La Land, Study Says
Quick Hits  |  7/25/2008  | 
Many smaller firms kid themselves that they're too little to be targets, McAfee study says
'Spam King' Escapes From Prison
News  |  7/24/2008  | 
Eddie Davidson remains at large after walking away from the Colorado prison where he was serving time for his role in spam scams.
San Francisco Computer Tech Set Booby Trap In City Network
News  |  7/24/2008  | 
Prosecutors say Childs set the network to delete numerous files during a scheduled maintenance of the system.
Report: Website Infection Rate Has Tripled Since 2007
Quick Hits  |  7/24/2008  | 
Malicious Web pages now exceed 16,000 per day, Sophos says
Details, Exploits of Web-Wide DNS Vulnerability Revealed
News  |  7/24/2008  | 
Kaminsky outlines flaw, says 'we're in serious trouble'; exploit code posted on Metasploit
Apple's iPhone Mail, Safari Apps Vulnerable To Attack
News  |  7/23/2008  | 
Apple's iPhone Mail and Safari apps under the iPhone 1.1.4 and 2.0 firmware are vulnerable to URL spoofing, a security researcher said Wednesday.
S.F. Computer Tech Gives Up Password To City Network
News  |  7/23/2008  | 
Terry Childs has been charged with four felony computer-tampering counts for allegedly locking out system administrators and supervisors from the city's servers.
Red Alert! DNS Flaw Revealed
News  |  7/23/2008  | 
Security researchers warn users to patch immediately, as technical details to exploit a widespread DNS vulnerability were disclosed online.
Researchers Raise Alarm Over New Iteration of Coreflood Botnet
News  |  7/23/2008  | 
Password-stealing Trojan is spreading like a worm - and targeted directly at the enterprise
Web-Wide DNS Vulnerability Leaked
Quick Hits  |  7/23/2008  | 
'Accidental' posting by researchers briefed on the flaw may lead to exploits today
Microsoft Releases Windows Home Server, Power Pack 1
News  |  7/22/2008  | 
The bug can corrupt files, such as applications, music tracks or digital photos, if they're transferred to a Windows Home Server unit equipped with two or more hard drives.
Online Safety, Privacy Tops Parents' Concerns
News  |  7/22/2008  | 
The survey of 1,035 adults, as well as 260 pairs of parents and teens, highlighted how little parents know about their teens' activities online.
Kaminsky to Give More Info on Super-Secret DNS Flaw
Quick Hits  |  7/22/2008  | 
Webinar on Thursday sets stage for comment on Halvar Flake's 'guess' on Web-wide vulnerability
'PhishMe' Tool Lets Businesses Spear-Phish Themselves
News  |  7/22/2008  | 
Web-based service generates self-inflicted targeted attacks to enlighten users, assess risk
Phish Your Colleagues With PhishMe
News  |  7/21/2008  | 
The software lets IT departments identify the most gullible message recipients so that they can be made to understand the error of their ways.
Bank Back On Hook For Data Theft At BJ's Wholesale
News  |  7/21/2008  | 
An appeals court reversed a lower court ruling absolving Fifth Third Bancorp from paying damages associated with replacing credit cards.
Report: Vulnerabilities Abound in Open-Source Environments
News  |  7/21/2008  | 
Enterprises should take care in adopting open-source technology, Fortify study says
President of Georgia's Site Under Attack
Quick Hits  |  7/21/2008  | 
Former Soviet republic could follow Estonia and Lithuania as the next target of Russian cyber attacks
RIM Fixes BlackBerry Enterprise Server Vulnerability
News  |  7/18/2008  | 
The flaw could let malicious PDFs cause problems with the BlackBerry Enterprise Server.
Suspect In Hijacking Of San Francisco Computer Network 'Willing To Cooperate'
News  |  7/18/2008  | 
The lawyer for Terry Childs, who has pleaded not guilty, said his client is willing to hand over the password to the city's computer network.
Researcher Offers Malware Analysis Tool
News  |  7/18/2008  | 
Proof-of-concept tool is more difficult for hackers to detect and evade than current malware analyzers
SF Net Hijacker Gives Up Passwords
Quick Hits  |  7/18/2008  | 
Former IT administrator says he's ready to give the keys back to the city
Microsoft Office Security Team Enlists Bots, Pen Tests
News  |  7/17/2008  | 
Office security gurus Tom Gallagher and David LeBlanc talk fuzzing, in-house hacking, Clippy, and why they'll miss XP (or not)
Report: Web-Borne Malware Up 278% This Year
Quick Hits  |  7/17/2008  | 
SQL injection attacks dominate first half of '08, and cross-site scripting (XSS) doesn't even make the list
Firefox 2 And 3 Get Security Fixes
News  |  7/16/2008  | 
One vulnerability could be used to execute remote code on a Firefox 2 user's machine and is considered critical.
San Francisco Computer System Hijacker Has Criminal Record
News  |  7/16/2008  | 
The computer engineer remains in jail, refusing to divulge the password he created to lock up the city government's computer system.
Report: Outsider Attacks Down, Insider Attacks Up
Quick Hits  |  7/16/2008  | 
Annual CA security report indicates fundamental shift in the nature of enterprise threats
Vulnerabilities Could Expose Broad Range of Java Apps
News  |  7/16/2008  | 
Newly discovered flaws in open-source framework could allow attackers to alter data or hijack Web applications
Jailed City Worker Allegedly Hijacks San Francisco's Computer System
News  |  7/15/2008  | 
The computer network administrator has been charged with computer tampering for allegedly creating a password that gave him exclusive access to the city's new wide area network.
Cybercrime, Cosa Nostra-Style
News  |  7/15/2008  | 
Finjan report paints insider picture of today's cybercrime organization
New Tool Provides 'Virtual' Database Patches
Quick Hits  |  7/15/2008  | 
Software buys database administrators time between vulnerability disclosure and patching
Google Search Security Mistaken For Censorship
News  |  7/14/2008  | 
By warning users of a hack on a net neutrality opponent's Web site, Google was accused of trying to silence critics of a policy it supports.
Europe Grants First Privacy Certification
News  |  7/14/2008  | 
EuroPriSe seal tells Web surfers that sites won't break rules regarding the use and storage of personal data or online behavior
Academic Portal Platform Fails Penetration Test
News  |  7/14/2008  | 
Researchers find vulnerabilities in popular open-source Moodle software that can lead to stolen tests, altered grades, or complete site takeover
Major Spanish Security Vendor Comes to America
News  |  7/11/2008  | 
Optenet's content security gateway to go up against Fortinet, Juniper, Websense, others
Texas Bank Dumps Antivirus for Whitelisting
News  |  7/11/2008  | 
Tired of AV and malware, First National Bank of Bosque County adopts application whitelisting instead