Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in July 2008
National 'Do Not Call' Registry Is Working, FTC Says
News  |  7/10/2008  | 
Commission pats itself on the back, but marketers and consumers are still holding the phone
Trojan Attacks Multimedia Files Stored on Hard Drives
News  |  7/10/2008  | 
Infected audio and video files show no signs of malware, but are lethal when shared with other users
'Blue Screen of Death' Masks Spyware Invasion
Quick Hits  |  7/10/2008  | 
Attack uses fake blue screen of death as cover to inject malware
New App Lets IT Find Porn on Users' PCs
Quick Hits  |  7/10/2008  | 
Thumb drive detector could also be used by police, parents
File Sharing Exposes Supreme Court Justice's Personal Information
News  |  7/9/2008  | 
An employee at an investment firm shared some files using LimeWire and exposed personal data associated with some 2,000 of the firm's clients, including Supreme Court Justice Stephen Breyer.
Security Community Cooperates To Fix 'DNS Poisoning'
News  |  7/9/2008  | 
Armed with knowledge of DNS transaction IDs, an attacker could reroute requests for certain Web sites to Web sites of his or her choosing or hijack e-mail.
Microsoft DNS Security Fix Knocks ZoneAlarm Users Offline
News  |  7/9/2008  | 
The vulnerability is widespread and affects products made by numerous networking and software vendors beyond Microsoft.
Congress Opens Debate on Behavioral Advertising
News  |  7/9/2008  | 
Businesses say tracking users' online behavior is a benefit; privacy advocates say it's a threat
FasTrak Toll Hacked, Exposing Privacy Dangers
News  |  7/9/2008  | 
Researcher finds electronic toll tag vulnerabilities in Black Hat 'Highway to Hell' research
P2P Hack Exposes Info on Top Judge
Quick Hits  |  7/9/2008  | 
Supreme Court justice is among 2,000 investment firm clients whose personal data was exposed via LimeWire
Microsoft Patch Tuesday Brings Four Bulletins For Nine Flaws
News  |  7/8/2008  | 
Though a month without "critical" vulnerabilities and a low number of bulletins might suggest there's not much to worry about, researchers say Microsoft is downplaying the potential risks.
Shock Bracelet Considered For Airline Passengers, Border Control
News  |  7/8/2008  | 
The Department of Homeland Security has solicited a proposal from a Canadian security company to develop a stun bracelet.
Google's Gmail Blocks Phishers Sending Forged eBay, PayPal E-Mail
News  |  7/8/2008  | 
The free e-mail service says Gmail users who receive mail from the two heavily phished domains can feel confident that the messages are authentic.
iDefense Revamps Bucks for Bugs Contest
News  |  7/8/2008  | 
Changes aimed at making vulnerability research 'sexy' again, iDefense says
Vendors Issue Massive Simultaneous Patch for Common Internet Flaw
News  |  7/8/2008  | 
Design flaw in DNS protocols could have been used to redirect traffic across the Internet
Over 10M Bots Active Worldwide in Q2
Quick Hits  |  7/8/2008  | 
New report from Commtouch finds US bot count decreases, but Verizon is among the top 10 domains used for hosting zombies
Hackers to Face Off in Black Hat 'Iron Chef' Contest
News  |  7/7/2008  | 
Black hat stars don chefs' hats in hacking challenge
Russians Organizing 'Political Hack Force'
Quick Hits  |  7/7/2008  | 
Lithuanian attacks could be signal of actions to come
IBM Develops Audio Masking Technology To Protect Call Center Recordings
News  |  7/3/2008  | 
Using speech analytics, the technology identifies and masks credit card numbers and other sensitive information in audio recordings.
Privacy-Conscious Consumers Fight Back
Quick Hits  |  7/3/2008  | 
Many consumers are now resisting companies' requests for personal information, Canadian study says
iPhone Smackdown: Security vs. Consumerization
News  |  7/3/2008  | 
It's time to accept the fact that our consumer and business technology worlds are converging
Sony Confirms Pulling PS3 Firmware Update
News  |  7/2/2008  | 
The company released firmware 2.40 Tuesday, and reports of problems started flowing in soon after on the official PlayStation 3 message board.
California Expands Identity Theft Prosecution
News  |  7/2/2008  | 
State law now allows identity thieves to be tried in the victims' jurisdictions, rather than only in the places the crimes occur.
Sony PlayStation Site Hacked With 'Scareware'
News  |  7/2/2008  | 
The site runs a script that pretends to do an online security scan of your computer and presents a bogus warning message that your PC is infected with malware, researchers said.
Laptop Losses Total 12,000 Per Week at US Airports
News  |  7/2/2008  | 
Nearly 70% are never recovered; many go unreported
Insider Threat Doubles; New Program Offers Assessments
News  |  7/2/2008  | 
New data shows rapid growth of insider incidents; researchers launch pilot to assess an organization's insider threat risk
Citibank PIN Hack: Deja Vu
Quick Hits  |  7/2/2008  | 
Hack keeps coming back to haunt banking giant
U.S. Army Seeks Help Watching The Internet
News  |  7/1/2008  | 
The job involves monitoring and analyzing Web pages, blogs, chat rooms, and the like for possible threats to U.S. interests and forces.
PCI Standards Expanded to Include Unattended Devices
News  |  7/1/2008  | 
New specs respond to emerging threats posed at kiosks, ATM devices
New DLP Startup Performs 'DNA Sequencing' of Data
News  |  7/1/2008  | 
nexTier Networks promises more automated, simplified approach to data leak prevention
McAfee's Great Spam Experiment, Unplugged
Quick Hits  |  7/1/2008  | 
Many spam messages sent to participants in the study were phishing emails or contained malware or links to malware-ridden sites


Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12 stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Windows system is configured with a PATH that contains a user-writable directory, then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a). A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...