Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in August 2008
Page 1 / 2   >   >>
Who Infected the International Space Station?
Quick Hits  |  8/29/2008  | 
W32.Gammima.AG found on orbiting network, but nobody's saying how it got there
Bank's Lost Backup Tapes Contained IDs of 12 Million Clients
News  |  8/29/2008  | 
Headcount for Bank of New York Mellon's lost backup tapes rises from 4.2 million to 12 million personal identities
Best Western CIO Scott Gibson On The Data Breach That Wasn't
News  |  8/28/2008  | 
Gibson has been dealing with a small data breach that somehow snowballed into eight million records stolen and tagged as "one of the most audacious cyber-crimes ever."
Report: Email Address Dictates Spam Volume
News  |  8/28/2008  | 
The first letter of your email address is one factor in your spam risk, a researcher says
Feds Shift Gears & Mandate DNSSEC for All Agencies
Quick Hits  |  8/28/2008  | 
US government takes a harder line on securing DNS infrastructure, but DNSSEC still hotly debated
NASA Security Badge Poses Safety Risk
News  |  8/27/2008  | 
The badge's metal clasps, if installed backwards, will become a projectile when the badge is opened creating a potential eye injury hazard.
Virus Found On Computer In Space Station
News  |  8/27/2008  | 
Citing security policies, NASA would not disclose details about how the virus got on a laptop on the International Space Station.
Spammers Use 'Hijacked' Babies To Lure Victims
News  |  8/27/2008  | 
The social engineering campaign includes an attached file, purportedly a photo of the recipient's child, but which is, of course, malware.
The 'Poor Man's Traffic Intercept'
News  |  8/27/2008  | 
A weakness in the Border Gateway Protocol makes the Internet's core infrastructure look about as watertight as a screen door.
Report: Popular Web Attacks Go Stealth
News  |  8/27/2008  | 
Attackers are increasingly using encoding to sneak their SQL injection, cross-site scripting attacks past Web security
Hack Lets Researchers Silently Eavesdrop on IP Networks
Quick Hits  |  8/27/2008  | 
New twist on an old BGP routing vulnerability could change the face of data theft, researchers say
FAA Computer Glitch Causes National Flight Delays
News  |  8/26/2008  | 
The problems began when an Atlanta facility that processes flight plan information went down due to a software malfunction, FAA officials said.
Online Pharmacy Risks Rising, Report Finds
News  |  8/26/2008  | 
Criminals are trying to take advantage of consumer interest in low-cost medicines by offering counterfeit drugs and spamming to drive sales at online pharmacies.
The Seven Deadliest Social Networking Hacks
News  |  8/26/2008  | 
Think you know who your real online friends are? You could be just a few hops away from a cybercriminal in today's social networks
User Buys Millions of Bank Records (& a PC) on eBay
Quick Hits  |  8/26/2008  | 
Used computer reveals sensitive customer data that should have been wiped clean, eBay buyer says
This Year's Data Breaches Surpass 2007 Totals
News  |  8/25/2008  | 
The rising number of reported data breaches in the last eight months may just mean corporate security auditors are better at finding compromised systems, ITRC researchers suggest.
8 Million-Record Data Breach Claim 'Grossly Unsubstantiated,' Says Best Western
News  |  8/25/2008  | 
The hotel chain says that only 13 customer records may have been exposed, not the millions that a Scotland newspaper reported.
Best Western Denies Report of Massive Data Breach
News  |  8/25/2008  | 
Scottish newspaper says flaw exposed personal records of 8M hotel chain customers since 2007; Best Western says report is 'grossly unsubstantiated'
Fedora, Red Hat Servers Compromised
Quick Hits  |  8/25/2008  | 
Popular Linux implementation will require changes in signing keys
Memory Stick With 84,000 Prisoner Records Lost In U.K.
News  |  8/22/2008  | 
U.K. Home Secretary Jacqui Smith blames PA Consulting, a contractor that stored the data on the memory stick in violation of its contract.
Life Insurer Takes New Approach to Two-Factor Authentication
News  |  8/22/2008  | 
Cryptocard technology helps Kansas City Life get the handle on a thorny access problem
ID Theft Ringleader Gets Three Days in Jail
Quick Hits  |  8/22/2008  | 
Man convicted of leading Canada's largest identity theft conspiracy is virtually sentenced to time served
FEMA's Phone System Hacked
News  |  8/21/2008  | 
Someone with unauthorized access placed over 400 calls through FEMA's National Emergency Training Center in Emmitsburg, Md. to several countries in the Middle East.
DNS Flaw Used To Poison Chinese ISP's Server
News  |  8/21/2008  | 
China Netcom subscribers who mistype a Web address are redirected to a page with malicious code.
Is This the End of the Pre-Recorded Telemarketing Call?
News  |  8/21/2008  | 
New FTC rules redefine consumers' privacy rights
Device Shields Implant Patients From 'Body Hacking'
Quick Hits  |  8/21/2008  | 
Cloaking device can prevent pacemakers from remote tampering, hacking
Security Researcher Defends Plan To Release Gmail Hacking Tool
News  |  8/20/2008  | 
The software could affect many SSL-secured Web sites, including Amazon, Facebook, Gmail, addons.mozilla.org, most Drupal sites, and many online merchants and banks.
Judge Lifts Gag Order On Student Subway Hackers
News  |  8/20/2008  | 
Massachusetts Bay Transit Authority had tried to prevent MIT students from discussing security flaws in Boston's transit fare card system.
Rival Botnets Share a Common Bond, Researchers Find
News  |  8/20/2008  | 
But world's biggest botnets Rustock and Srizbi remain autonomous
Linux Users Speculate Over Fedora Outage
Quick Hits  |  8/20/2008  | 
Could the popular Red Hat Linux implementation have been breached? Fedora's architects aren't telling
Princeton Review Security Flaw Outed By Competitor
News  |  8/19/2008  | 
One file reportedly contained information about 34,000 students and another contained names and birth dates of 74,000 students.
Free Spear-Phishing Tool on Tap
News  |  8/19/2008  | 
Open source tool aimed at penetration testers lets them customize phishing attacks on their organizations
Princeton Review Exposes Data on More Than 100,000 Students
News  |  8/19/2008  | 
Website configuration error left data accessible for seven weeks
Online Crime Map 'UCrime' Illustrates Campus Incidents
News  |  8/18/2008  | 
The Baltimore startup provides real-time data about the date, time, location, and type of crime on campuses.
Attacks Continue on Retail Stores, Restaurants
News  |  8/18/2008  | 
Criminals exploit wireless vulnerabilities, social engineering to collect large volumes of customer data
Spear Phishing Attack Unleashes 1.5M Spam Messages
Quick Hits  |  8/18/2008  | 
New Zealand university is exploited after convincing ruse fools four staffers
Hat World Tops Off EVDO Rollout With Security
News  |  8/15/2008  | 
Retailer initially found EVDO security solutions few and far between
LA Street Gangs Add ID Theft to Turf
Quick Hits  |  8/15/2008  | 
California sees surge in 'Crips,' 'Mexican Mafia,' and other gangs going into the identity theft business
New Tool Hacks the Psyche
News  |  8/14/2008  | 
Microsoft Blue Hat summit to feature proof-of-concept for extrapolating a user's emotional state based on his or her online postings
'Surf Jacking' Threatens Secure Browser Sessions
Quick Hits  |  8/14/2008  | 
Researcher launches proof of concept to show vulnerability in HTTPS
Is Wireless Really Worth It?
News  |  8/14/2008  | 
Wireless technology may be convenient, but it also introduces significant hassles - and risks
Startup Of The Week: Zscaler
News  |  8/13/2008  | 
Promising to replace a hodgepodge of security applications and appliances, entrepreneur Jay Chaudhry's new company offers security as a service.
Air Force Suspends 'Cyber Command' Program
News  |  8/13/2008  | 
The delay in the program does not necessarily mean the Cyber Command at Barksdale Air Force Base will not be created, but that could be one option, officials said.
VMware Issues Patch For Hypervisor Bug
News  |  8/13/2008  | 
CEO Paul Maritz apologized to customers and said VMware was determined to get to the bottom of the problem that caused virtual machines to refuse to start.
At Countrywide, One Overlooked PC Led to Loss of 2M Records
News  |  8/13/2008  | 
Insider used the one machine that hadn't been 'fixed' to prevent use of external storage devices
Stolen Wells Fargo Access Codes Threaten 7,000
Quick Hits  |  8/13/2008  | 
Thieves may have used credit reporting system to steal personal data
Amid Controversy, Outed Steroid Sites Still Online
News  |  8/13/2008  | 
Anti-fraud groups, US Internet registrars at odds over takedown of 'roid sites
Microsoft Stages 'Mammoth Patch Tuesday'
News  |  8/12/2008  | 
Counting vulnerabilities rather than bulletins, 17 of 26 are critical, the most since August 2006, according to Symantec researchers.
Researcher Wants To Charge Nokia, Sun For Phone Vulnerability
News  |  8/12/2008  | 
Polish researcher Adam Gowdiak said he's discovered 14 security issues with J2ME on Nokia handsets, but he's charging the vendors for full details.
Google Says Infected Spam Is Getting Worse
News  |  8/12/2008  | 
The company's Postini corporate e-mail security service reported that the volume of e-mail virus attacks peaked at almost 10 million on a single day.
Page 1 / 2   >   >>

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and informat...
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure.
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosu...
PUBLISHED: 2022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other ...