Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2007
Attackers Kill Anti-Fraud Site
News  |  9/28/2007  | 
Fraudwatchers.org buckles, collapses under weight of month-long denial-of-service attack
iHack With an iPhone
News  |  9/28/2007  | 
Your iPhone isn't just hot-looking - it's also a potential hacking weapon
Retail Security: No Sale
News  |  9/28/2007  | 
Despite harsh lessons at TJX and redoubled efforts by credit card companies to push PCI, customer data remains at risk
Bradford Networks' NAC Secures 1M Users
News  |  9/28/2007  | 
Bradford Networks' NAC secures 1M users during back-to-school rush
Akonix Publishes September IM Threat Report
News  |  9/28/2007  | 
Akonix's Threat Center tracks 33 IM attacks
CyberDefender Adds Remote Support
News  |  9/28/2007  | 
CyberDefender debuts new Internet security suites
Your Health Is None of Your Damn Business
Quick Hits  |  9/28/2007  | 
Workers at Wyoming hospital reprimanded for breaking HIPAA rules to look at their own health records
Microsofties Check Out Vulnerability Auction Site at Blue Hat
News  |  9/28/2007  | 
WabiSabiLabi participates in closed-door Microsoft summit of security researchers and Microsoft staff
Hackers Exploit Crisis in Burma
News  |  9/28/2007  | 
Email links to Dalai Lama's genuine Website, but attachment is malicious
Startup Wins License for Secure Biometrics Token
News  |  9/27/2007  | 
Technology promises to protect privacy of user whose biometric data is stolen or copied
Comodo Unveils Free Security Tools
News  |  9/27/2007  | 
Comodo helps consumers stay safe online with new Website visual trust indicator and free desktop security tools
Cybercriminals on Your Doorstep
News  |  9/27/2007  | 
Latest scams range from legit-looking auction sites to looking you in the eye while they steal your money
Malware Plays Defense
News  |  9/27/2007  | 
New exploits can tell when they're being sandboxed for analysis
Ounce Adds Classic ASP Support
News  |  9/27/2007  | 
Ounce Labs extends analysis capabilities with support for classic ASP
Virus, Phishing Rise in Sept.
News  |  9/27/2007  | 
2nd wave of C-Level targeted attacks with increased sophistication
Video Shows Hack of US Power Grid
Quick Hits  |  9/27/2007  | 
A graphic dramatization made for the Department of Homeland Security simulates potential impact of a cyberterrorist attack on utility grids
Many Retailers Will Not Make PCI Compliance Deadline
News  |  9/26/2007  | 
Problems with applications, access management leave credit card processors facing fines - and vulnerabilities
Metasploit Adds iPhone Hacking Tools
News  |  9/26/2007  | 
Popular pen-test tool now comes with Apple iPhone payloads
Trend Micro Unveils TM Internet Security 2008
News  |  9/26/2007  | 
New Trend Micro Internet Security products strengthen personal information protection and deliver enhanced performance
Hackers Post Names, Credit Card Info on eBay
Quick Hits  |  9/26/2007  | 
Auction site says incident is a hack, not a leak
Watson SCS Offers Free IT Security Assessment
News  |  9/26/2007  | 
IBM partner Watson SCS offers complimentary IT security assessment
Peter Tippett to Keynote Tradeshow
News  |  9/26/2007  | 
Security pioneer from Verizon Business to keynote at virtual security tradeshow
Blue Lane Adds Support for VMware
News  |  9/26/2007  | 
Blue Lane delivers unmatched protection and network flow visibility for VMware Infrastructure 3 environments
Canadian Government Sheds Light On TJX Breach
News  |  9/25/2007  | 
Attack was conducted via wireless links at two Miami Marshall's stores, investigation reveals
Virtual Civil Disobedience
News  |  9/25/2007  | 
Now that n.runs has opened the floodgates by putting its hacking tool back online, who'll step up next?
VeriSign Flexes DNS Security Muscle
News  |  9/25/2007  | 
Internet DNS server host upgrades its infrastructure as DNS attacks continue to hammer the Net
TJX Proposes to Settle Customer Lawsuit for $6.5M
News  |  9/24/2007  | 
Customers promised a $30 voucher and a three-day discount sale
Shavlik Launches Free Google Gadget
News  |  9/24/2007  | 
Individual users can download free Google gadget for on demand patch assessment and remediation from Shavlik
Breach Security Adds App Defect Detection
News  |  9/24/2007  | 
New version of Breach Security's WebDefend Web application firewall adds passive vulnerability detection
Secure Computing Intros New WebWasher
News  |  9/24/2007  | 
Secure Computing releases next generation Web gateway security solution
Lessons From a Security Breach
News  |  9/24/2007  | 
A hack at Vertical Web Media helps show what to do in the event of a breach - and what not to do
P2P Leads to Major Leak at Citigroup Unit
Quick Hits  |  9/24/2007  | 
ABN Amro employee exposes personal data on 5,000 mortgagees by installing BearShare
FireEye Fans Anti-Botnet Flame
News  |  9/24/2007  | 
FireEye today is rolling out the latest in a series of anti-botnet offerings from security vendors
Security's School of Hard Knocks
News  |  9/21/2007  | 
Security pros share five of the toughest lessons they've ever learned, and they've got the scars to prove them
Researcher Raises Alarm Over PDFs
News  |  9/21/2007  | 
Adobe files could soon become attackers' favorite medium for malware delivery, experts say
Running the IR Gauntlet
News  |  9/21/2007  | 
There are lots of tools available for incident response, but they have flaws too
Signal Turns to Data Leak Protection
News  |  9/21/2007  | 
Signal Financial Credit Union's DLP architecture protects sensitive data - sometimes a little too well
TD Ameritrade Gambles and Loses
News  |  9/21/2007  | 
Brokerage company had all the warning signs of a breach last year, but held off disclosure in hopes of fixing the problem
Hackers Get the Lingo
Quick Hits  |  9/21/2007  | 
Lingo, a New Zealand VOIP service provider, accidentally sends out the email addresses of more than 14,000 customers
Five Signs That You're Under a Targeted Attack
News  |  9/20/2007  | 
Clues that your organization is in the bull's eye might be right under your nose
Security Problems Linger at VA
News  |  9/20/2007  | 
Despite highly publicized breach, Veterans Affairs' IT efforts still coming up short, according to GAO report
Cyber Law Cuts Two Ways
News  |  9/20/2007  | 
Regional laws - such as Minnesota's credit card data legislation - create both benefits and hardships
Radware Adds Protection Against Trojan
News  |  9/20/2007  | 
Radware issues immediate protection against the 'Gangsta.exe' trojan horse
Secure Elements, Grant Thornton LLP Team
News  |  9/20/2007  | 
Secure Elements announces joint marketing agreement with Grant Thornton LLP Global Public Sector
Reports: Threats More Sophisticated, More Costly Than Ever
News  |  9/19/2007  | 
Cybercrime has become a cottage industry, and companies are feeling it in their bank accounts, researchers say
Radware Offers Defense Against Gangsta
News  |  9/19/2007  | 
Radware issues immediate protection against the 'Gangsta.exe' trojan horse
ISPs Try on Anti-Botnet Services Model
News  |  9/19/2007  | 
Anti-botnet security services are on the rise, but ISPs still aren't coming over to clean up your machine
The Six Stages of Incident Response
News  |  9/19/2007  | 
Following these simple steps can help your organization handle a serious data breach
Mu Security Discovers DHCP Zero-Day
News  |  9/19/2007  | 
Mu Security discovers Dibbler DHCPv6 zero-day denial of service vulnerability
Hosting Vendor Suffers Major Security Breach
Quick Hits  |  9/19/2007  | 
Even the companies contracted to protect your data are losing it
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...