Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2007
Page 1 / 3   >   >>
Attackers Kill Anti-Fraud Site
News  |  9/28/2007  | 
Fraudwatchers.org buckles, collapses under weight of month-long denial-of-service attack
iHack With an iPhone
News  |  9/28/2007  | 
Your iPhone isn't just hot-looking - it's also a potential hacking weapon
Retail Security: No Sale
News  |  9/28/2007  | 
Despite harsh lessons at TJX and redoubled efforts by credit card companies to push PCI, customer data remains at risk
Bradford Networks' NAC Secures 1M Users
News  |  9/28/2007  | 
Bradford Networks' NAC secures 1M users during back-to-school rush
Akonix Publishes September IM Threat Report
News  |  9/28/2007  | 
Akonix's Threat Center tracks 33 IM attacks
CyberDefender Adds Remote Support
News  |  9/28/2007  | 
CyberDefender debuts new Internet security suites
Your Health Is None of Your Damn Business
Quick Hits  |  9/28/2007  | 
Workers at Wyoming hospital reprimanded for breaking HIPAA rules to look at their own health records
Microsofties Check Out Vulnerability Auction Site at Blue Hat
News  |  9/28/2007  | 
WabiSabiLabi participates in closed-door Microsoft summit of security researchers and Microsoft staff
Hackers Exploit Crisis in Burma
News  |  9/28/2007  | 
Email links to Dalai Lama's genuine Website, but attachment is malicious
Startup Wins License for Secure Biometrics Token
News  |  9/27/2007  | 
Technology promises to protect privacy of user whose biometric data is stolen or copied
Comodo Unveils Free Security Tools
News  |  9/27/2007  | 
Comodo helps consumers stay safe online with new Website visual trust indicator and free desktop security tools
Cybercriminals on Your Doorstep
News  |  9/27/2007  | 
Latest scams range from legit-looking auction sites to looking you in the eye while they steal your money
Malware Plays Defense
News  |  9/27/2007  | 
New exploits can tell when they're being sandboxed for analysis
Ounce Adds Classic ASP Support
News  |  9/27/2007  | 
Ounce Labs extends analysis capabilities with support for classic ASP
Virus, Phishing Rise in Sept.
News  |  9/27/2007  | 
2nd wave of C-Level targeted attacks with increased sophistication
Video Shows Hack of US Power Grid
Quick Hits  |  9/27/2007  | 
A graphic dramatization made for the Department of Homeland Security simulates potential impact of a cyberterrorist attack on utility grids
Many Retailers Will Not Make PCI Compliance Deadline
News  |  9/26/2007  | 
Problems with applications, access management leave credit card processors facing fines - and vulnerabilities
Metasploit Adds iPhone Hacking Tools
News  |  9/26/2007  | 
Popular pen-test tool now comes with Apple iPhone payloads
Trend Micro Unveils TM Internet Security 2008
News  |  9/26/2007  | 
New Trend Micro Internet Security products strengthen personal information protection and deliver enhanced performance
Hackers Post Names, Credit Card Info on eBay
Quick Hits  |  9/26/2007  | 
Auction site says incident is a hack, not a leak
Watson SCS Offers Free IT Security Assessment
News  |  9/26/2007  | 
IBM partner Watson SCS offers complimentary IT security assessment
Peter Tippett to Keynote Tradeshow
News  |  9/26/2007  | 
Security pioneer from Verizon Business to keynote at virtual security tradeshow
Blue Lane Adds Support for VMware
News  |  9/26/2007  | 
Blue Lane delivers unmatched protection and network flow visibility for VMware Infrastructure 3 environments
Canadian Government Sheds Light On TJX Breach
News  |  9/25/2007  | 
Attack was conducted via wireless links at two Miami Marshall's stores, investigation reveals
Virtual Civil Disobedience
News  |  9/25/2007  | 
Now that n.runs has opened the floodgates by putting its hacking tool back online, who'll step up next?
VeriSign Flexes DNS Security Muscle
News  |  9/25/2007  | 
Internet DNS server host upgrades its infrastructure as DNS attacks continue to hammer the Net
TJX Proposes to Settle Customer Lawsuit for $6.5M
News  |  9/24/2007  | 
Customers promised a $30 voucher and a three-day discount sale
Shavlik Launches Free Google Gadget
News  |  9/24/2007  | 
Individual users can download free Google gadget for on demand patch assessment and remediation from Shavlik
Breach Security Adds App Defect Detection
News  |  9/24/2007  | 
New version of Breach Security's WebDefend Web application firewall adds passive vulnerability detection
Secure Computing Intros New WebWasher
News  |  9/24/2007  | 
Secure Computing releases next generation Web gateway security solution
Lessons From a Security Breach
News  |  9/24/2007  | 
A hack at Vertical Web Media helps show what to do in the event of a breach - and what not to do
P2P Leads to Major Leak at Citigroup Unit
Quick Hits  |  9/24/2007  | 
ABN Amro employee exposes personal data on 5,000 mortgagees by installing BearShare
FireEye Fans Anti-Botnet Flame
News  |  9/24/2007  | 
FireEye today is rolling out the latest in a series of anti-botnet offerings from security vendors
Security's School of Hard Knocks
News  |  9/21/2007  | 
Security pros share five of the toughest lessons they've ever learned, and they've got the scars to prove them
Researcher Raises Alarm Over PDFs
News  |  9/21/2007  | 
Adobe files could soon become attackers' favorite medium for malware delivery, experts say
Running the IR Gauntlet
News  |  9/21/2007  | 
There are lots of tools available for incident response, but they have flaws too
Signal Turns to Data Leak Protection
News  |  9/21/2007  | 
Signal Financial Credit Union's DLP architecture protects sensitive data - sometimes a little too well
TD Ameritrade Gambles and Loses
News  |  9/21/2007  | 
Brokerage company had all the warning signs of a breach last year, but held off disclosure in hopes of fixing the problem
Hackers Get the Lingo
Quick Hits  |  9/21/2007  | 
Lingo, a New Zealand VOIP service provider, accidentally sends out the email addresses of more than 14,000 customers
Five Signs That You're Under a Targeted Attack
News  |  9/20/2007  | 
Clues that your organization is in the bull's eye might be right under your nose
Security Problems Linger at VA
News  |  9/20/2007  | 
Despite highly publicized breach, Veterans Affairs' IT efforts still coming up short, according to GAO report
Cyber Law Cuts Two Ways
News  |  9/20/2007  | 
Regional laws - such as Minnesota's credit card data legislation - create both benefits and hardships
Radware Adds Protection Against Trojan
News  |  9/20/2007  | 
Radware issues immediate protection against the 'Gangsta.exe' trojan horse
Secure Elements, Grant Thornton LLP Team
News  |  9/20/2007  | 
Secure Elements announces joint marketing agreement with Grant Thornton LLP Global Public Sector
Reports: Threats More Sophisticated, More Costly Than Ever
News  |  9/19/2007  | 
Cybercrime has become a cottage industry, and companies are feeling it in their bank accounts, researchers say
Radware Offers Defense Against Gangsta
News  |  9/19/2007  | 
Radware issues immediate protection against the 'Gangsta.exe' trojan horse
ISPs Try on Anti-Botnet Services Model
News  |  9/19/2007  | 
Anti-botnet security services are on the rise, but ISPs still aren't coming over to clean up your machine
The Six Stages of Incident Response
News  |  9/19/2007  | 
Following these simple steps can help your organization handle a serious data breach
Mu Security Discovers DHCP Zero-Day
News  |  9/19/2007  | 
Mu Security discovers Dibbler DHCPv6 zero-day denial of service vulnerability
Hosting Vendor Suffers Major Security Breach
Quick Hits  |  9/19/2007  | 
Even the companies contracted to protect your data are losing it
Page 1 / 3   >   >>


7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...