Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2006
IPS Technology: Ready for Overhaul
News  |  8/31/2006  | 
Its current limitations might be frustrating, but IPS technology will evolve into a smarter, more integrated security solution
Wireless Piggybackers Put on Notice
News  |  8/30/2006  | 
New California law encourages users to lock up WLANs, setting the stage for criminal action against hackers and piggybackers
Hacking Home WLANs
News  |  8/30/2006  | 
Don't forget to lock down your users' home WLANs
How Identity Theft Works
News  |  8/30/2006  | 
Ever wonder how hard it is to steal a person's identity? We did it in this penetration test, and we were surprised at just how easy it is
Top 10 Reasons Security Products Don't Work
News  |  8/29/2006  | 
Once users and vendors get past the finger-pointing, there's a lot they can do together to improve enterprise security
Authentium Warns
News  |  8/29/2006  | 
Authentium issued a warning against trusting free wireless access points located in airports and other public places
CipherOptics Removes Barriers
News  |  8/29/2006  | 
CipherOptics is poised to launch the industry's first 10 Gig IPsec encryption solution
When to Disclose
News  |  8/29/2006  | 
Researchers, vendors try to strike 'artful balance' between alerts and the actual patches for new bugs
Tripwire for Servers
News  |  8/29/2006  | 
Tripwire announced the latest version of Tripwire for Servers and Tripwire Manager
NextHop, AirTight Partner
News  |  8/29/2006  | 
NextHop and AirTight announced a marketing and technology partnership providing enhanced security and performance management
Nokia to Offer IPS
News  |  8/29/2006  | 
Nokia announces plans to offer Sourcefire's IPS on its portfolio of high-performance IP Security Platforms
Study: Rethink the Outsider Threat
News  |  8/28/2006  | 
DOJ data turns conventional wisdom on its head: Biggest enterprise threat is more than likely external
Metasploit Issues New Beta
News  |  8/28/2006  | 
Second beta of bug-discovery tool Metasploit 3.0 fixes Windows glitch, adds multi-host feature
Ponemon Unveils Study
News  |  8/28/2006  | 
Nearly two-thirds of security executives believe they have no way to prevent a data breach, according to the latest industry research
Oakley Intros Solution
News  |  8/28/2006  | 
Oakley Networks announced the immediate availability of CoreView, the company's network-based behavioral analysis solution
Holes Remain in SSL VPNs
News  |  8/25/2006  | 
SSL VPN products have gotten more secure in the past year, but the technology still isn't safe when users log on via third-party machines
Cisco Reports New Vulnerabilities
News  |  8/25/2006  | 
Firewalls, VPN 3000 Concentrator are at risk and in need of a fix, networking giant says
IBM Merger Gets Mixed Responses
News  |  8/24/2006  | 
Raise prices? Win more outsourced security? IBM-ISS deal leaves many wondering what Big Blue will do with its new prize
Fighting Spam With Spamalot
News  |  8/24/2006  | 
New software engages human side of spammers, dragging out correspondence and flooding them with duped messages and replies
Credit Union Taps Comodo
News  |  8/24/2006  | 
Indiana-based FORUM Credit Union is deploying Comodo's S.A.F.E. solution to protect members from phishing and pharming attacks
Sophos Offers Free Tool
News  |  8/24/2006  | 
Sophos announced a new free-of-charge, standalone tool offering comprehensive rootkit detection and removal capabilities
Click Goes Your Ad Budget
News  |  8/23/2006  | 
Who's clicking on your company's Web ads? It's tough to tell the bots from prospective customers
Enterprises Still Not Sweet on Honeypots
News  |  8/23/2006  | 
Passive technology lacks preventive capability but might prove useful for tracking malicious internal activity
Debix Researches ID Theft
News  |  8/23/2006  | 
Debix announced new research showing forty percent of Fraud Alerts are not set properly
IBM Up-Ends Security Services Market
News  |  8/23/2006  | 
IBM's $1.3 billion buyout of ISS may signal large enterprises are more willing to embrace managed security services
Standard Could Unify Security Apps
News  |  8/22/2006  | 
ArcSight's proposed standards for log management, event reporting could get security apps onto the same page
Click Fraud: What IT Should Know
News  |  8/22/2006  | 
As fraud grows, more marketing execs are asking IT to ascertain who's really clicking online ads
IE Patch Created New Vulnerability
News  |  8/22/2006  | 
Patch issued earlier this month for Internet Explorer inadvertently introduced new hole
PowerPoint Trojan: Not Zero Day
News  |  8/22/2006  | 
The new PowerPoint Trojan that baffled researchers yesterday targets a known vulnerability
Intellinx, IDI Combat Threat
News  |  8/21/2006  | 
Intellinx, Information Design announced the launch of a campaign to promote the Intellinx solution for insider threat protection
RedSeal Intros Appliance
News  |  8/21/2006  | 
RedSeal Systems announced the general availability of its Security Risk Manager 3000 (SRM 3000) appliance
Startup Promises Critical-Site Analysis
News  |  8/21/2006  | 
New consulting firm will help 'national security-critical' sites evaluate physical and logical security
BigFix Expels Spyware
News  |  8/21/2006  | 
Using BigFix's AntiPest, Miami-Dade County Public Schools have cracked down on spyware on the district's 70,000 personal computers
Mu Enhances Analyzer
News  |  8/21/2006  | 
Mu Security announced that its Mu-4000 Security Analyzer now includes comprehensive Published Vulnerability Analysis (PVA) attack capabilities
Flaws Reported in Bank of America System
News  |  8/18/2006  | 
Sestus, rival to vendor of Bank of America's SiteKey authentication system, reports vulnerabilities in the SiteKey technology
The Real Threat to the Security Industry
News  |  8/18/2006  | 
Do IT departments and vendors need to inflate perception of the security threat in order to grow?
'Analog Hackers' Overlooked, Undetected
News  |  8/17/2006  | 
Many enterprises secure electronic access points but fail to see their own front doors as vulnerable
How Much Does a Hack Cost?
News  |  8/16/2006  | 
We're thinking of a number between $100,000 and $50 million; here's how to handicap your cost per incident a little more closely
Complaint Filed in AOL Blunder
News  |  8/16/2006  | 
Electronic Frontier Foundation files complaint with the FTC over the online service's exposure of customer search information
Cox Deploys Cloudmark
News  |  8/16/2006  | 
Cox Communications has deployed the Cloudmark Authority platform to combat spam and phishing for its broadband subscribers
Anti-Virus Market Grows
News  |  8/16/2006  | 
Top selling anti-virus solutions let in 80 percent of new malicious code, while Russian vendor Kaspersky keeps out 90 percent
Startup to Challenge Botnets
News  |  8/15/2006  | 
A stealth-mode company is working on a way to detect and interrupt the formation of botnets
Cambia, NCircle Partner
News  |  8/15/2006  | 
Cambia announced that nCircle has joined its technology partner program
SecureWave, Patchlink Team
News  |  8/15/2006  | 
SecureWave, a worldwide leader in endpoint security, today announced a partnership with PatchLink Corporation
Security, the Perfect Birthday Gift
News  |  8/14/2006  | 
The PC is much more powerful than it was 25 years ago, and way more vulnerable to attack
Bridging the Patch Gap
News  |  8/14/2006  | 
With patch times stretching to a week or more, enterprises struggle to put bars on an ever smaller window of attack
DOJ Locks Down DBs
News  |  8/14/2006  | 
Application Security announced that the United States DOJ is utilizing the company's vulnerability assessment scanner
Exploits Emerge for Microsoft Vulnerability
News  |  8/14/2006  | 
MS06-040, expected to be precursor to a major worm, may instead morph into a botnet
FCU Selects Comodo
News  |  8/14/2006  | 
Apple FCU has selected Comodo's new technology, VerificationEngine, to protect members from phishing and pharming attacks
Anchiva Announces Program
News  |  8/14/2006  | 
Anchiva Systems announced its sales program for value added solution providers in North America


I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-40865
PUBLISHED: 2021-10-25
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x use...
CVE-2021-25977
PUBLISHED: 2021-10-25
In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.
CVE-2021-35231
PUBLISHED: 2021-10-25
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHIN...
CVE-2021-38294
PUBLISHED: 2021-10-25
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
CVE-2021-40526
PUBLISHED: 2021-10-25
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead t...