News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2008
New DoS Attack Is a Killer
Commentary  |  9/30/2008  | 
Things are a-brewin' in Sweden. Sweden is not just home of the infamous bikini team, it is also the home of Outpost 24, an equally sexy software-as-a-service network scanning service, and the employer of my friend Robert E. Lee and his colleague Jack C. Louis. These guys are the inventors of UnicornScan, a user-land TCP stack turned into a port scanner. Never heard of it? Use Nmap exclusively? Well if you run Linux, I suggest checking
Study: Routine Misbehavior by End Users Can Lead to Major Data Leaks
News  |  9/30/2008  | 
Many end users don't understand the risks associated with breaking company security policies, report says
Attackers Mix Online, Offline Exploits to Mask Financial Fraud
News  |  9/30/2008  | 
Cybercriminals split the attack cycle into pieces that may appear unrelated in order to evade detection
Microsoft, Washington State Launch Legal Assault On Scareware
News  |  9/29/2008  | 
The lawsuit against Registry Cleaner XP is trying to halt pop-up ads that look like Windows system messages and falsely claim that a critical system error has occurred.
CSRF Flaws Found on Major Websites
News  |  9/29/2008  | 
Princeton University researchers reveal four sites with cross-site request forgery flaws and unveil tools to protect against these attacks
Yahoo! Japan Auctions Compromised, Report Says
News  |  9/29/2008  | 
Thieves may have accessed Web auction site as many as 1.5 million times since May
Theft at RAF Facility Endangers Personal Data of 50,000
Quick Hits  |  9/29/2008  | 
Data on British air force hard drives wasn't encrypted; old facility 'wasn't that secure,' reports say
'Clickjacking' Attack Prompts Warning To Disable Browser Plug-Ins
News  |  9/26/2008  | 
The flaw affects Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, and Opera and could trick a user into clicking on content from another page.
Portrait Of A Computer Forensic Examiner
News  |  9/26/2008  | 
While data can be recovered from any computer, expert Ives Potrafka believes that corporate IT departments have far less control over what happens on PCs used for work.
Adobe PDF Reader Vulnerable, U.S. CERT Warns
News  |  9/26/2008  | 
The government's standard precautionary advice: Don't open files from sources you don't trust, and keep your antivirus software and patches up to date.
Survey: Virtually No Security in Enterprises' Virtual Systems
Quick Hits  |  9/26/2008  | 
Enterprise survey shows few companies have secured their virtual environments
New ID Theft Service Crawls the Web on Consumers' Behalf
News  |  9/26/2008  | 
For $15, Affinion penetrates hacker chat rooms and warns users when their data is for sale
Tiger Team Member Attacks Developers, Not Apps
News  |  9/25/2008  | 
Expert shows how he can get into a Web app without touching the application itself
Sarah Palin E-Mail Hacking Grand Jury Returns No Indictment
News  |  9/24/2008  | 
A Tennessee Democratic state representative's son was linked last week to involvement in the breach of the Republican vice presidential candidate's Yahoo Mail account.
Shadowserver to Build 'Sinkhole' Server to Find Errant Bots
News  |  9/24/2008  | 
New initiative will emulate IRC, HTTP botnet traffic
Many PC Users Remain Unaware of Security, Privacy
Quick Hits  |  9/24/2008  | 
More than a tenth of users don't know whether they have an antivirus, firewall; majority don't know what privacy settings they're using
For US Enterprises, Computer Crime Starts at Home
News  |  9/23/2008  | 
Despite perceptions about overseas hackers, attacks increasingly emanate from domestic sources, studies say
Phony Pop-Up Warning Messages Dupe Most Users
News  |  9/23/2008  | 
New research from NC State University shows how even savvy users fall for malicious system error messages
Man Indicted for Hacking & Blackmailing Luxury Automaker
Quick Hits  |  9/23/2008  | 
Sixty-year-old hacker threatened Maserati North America with exposing his theft of customer data from carmaker's Website
'Profiler' Hacks Global Hacker Culture
News  |  9/23/2008  | 
Former notorious Italian hacker releases initial results of research identifying different types of hackers and their behaviors on and offline
US-Based Malware Network Shuts Down
News  |  9/22/2008  | 
Network that served large numbers of hackers is no longer in service, observers say
Employees Still Flouting Security Policies, Study Says
Quick Hits  |  9/22/2008  | 
Three in 10 enterprises say their business' security is being compromised by personal use of corporate systems
Only 35% Of Oracle Users Continuously Monitor For Suspicious Activity
News  |  9/19/2008  | 
A recent Unisphere survey found 20% of respondents anticipated some kind of data security breach over the coming year.
Sarah Palin E-Mail Hacker Tied To Tennessee Democrat
News  |  9/19/2008  | 
Department of Justice investigators have declined to comment on the status of the Palin e-mail investigation.
Experts: US Is Not Prepared to Handle Cyber Attacks
News  |  9/19/2008  | 
In Congressional testimony, authorities on cyber defense say neither government agencies nor private companies are ready for what may come
Research: Porn Is Losing Its Steam
Quick Hits  |  9/19/2008  | 
Separate reports both say lurid material no longer rules Web traffic trends
Porn Operators Hijack Pages on AARP Website
News  |  9/18/2008  | 
Multi-pronged attack shows weakness in custom content management systems, researcher says
Palin's 'Hacker' Tells How He Did It
Quick Hits  |  9/18/2008  | 
Hacker claiming to have broken into Republican VP candidate Sarah Palin's Yahoo email account reportedly used low-tech research and a little social engineering
Hacking Tool Lets You Target Your Own End Users
News  |  9/18/2008  | 
New open-source attack platform that performs email-based Web attacks debuts next week at OWASP conference
Zero-Day Exploit Code For Apple iTunes, QuickTime Posted
News  |  9/17/2008  | 
The vulnerability in Apple's newly patched software is said to crash any browser with the QuickTime plug-in.
Free 'Trojan-Proof' Password Tool Released for Windows
News  |  9/17/2008  | 
Beta virtual keyboard software aims to ward off password-sniffing Trojans, malware
Antivirus Vendors Push Toward Cloud Computing
News  |  9/17/2008  | 
Key elements of software now being delivered on a software-as-a-service basis
House Passes Identity Theft & Restitution Act
Quick Hits  |  9/17/2008  | 
Senate to consider bill that addresses data theft, use of keyloggers and spyware
Microsoft to Share Its Secure Development Blueprint, Threat Modeling Tool
Quick Hits  |  9/16/2008  | 
Customers, third-party developers can use Microsoft's model for writing more secure software - for free
Disclosure of Major New Web 'Clickjacking' Threat Gets Deferred
News  |  9/16/2008  | 
Web security researchers bow to Adobe request for time to patch before releasing proof of concept of newly discovered, massive 'clickjacking' attack
DHS Report Says Leave Laptops At Home
News  |  9/15/2008  | 
The federal agency said anyone who brings their computer or cell phone out of the country is risking privacy and data security violations.
Hackers Deface CERN's 'Big Bang' Particle Accelerator Site
News  |  9/15/2008  | 
As scientists began testing CERN's Large Hadron Collider last week, hackers made a mockery of the European lab's network security.
Snort Turns 10, Sourcefire Goes Virtual
News  |  9/15/2008  | 
IDS/IPS vendor joins the ranks of VMware partners, gears up for commercial rollout of next-generation Snort
Lost Computer Exposes Data of 22,000 at Intuit
Quick Hits  |  9/15/2008  | 
Software company's loss was one of many resulting from burglary at HR outsourcing firm
Report: Unauthorized Apps Run Rampant on Many Enterprise Networks
News  |  9/15/2008  | 
Detailed analysis of traffic on 60 enterprise networks finds broad usage of software that isn't sanctioned by IT
Study: Hotel Networks Put Corporate Users at Risk
News  |  9/12/2008  | 
The Center for Hospitality Research's survey and hack confirms worries of weak security on hotel networks
CookieMonster Can Steal HTTPS Cookies
News  |  9/11/2008  | 
The Python-based tool actively gathers insecure SSL information and records that as well as normal HTTP cookies to Firefox-compatible cookie files.
Enterprises Struggle to Identify Sources of Risk
News  |  9/11/2008  | 
Security remains top priority, but businesses wrestle with business case, BT study says
New 'On/Off Switch' Protects RFID Cards From Hacks
News  |  9/11/2008  | 
Technology would let cardholders activate RFID transmission only when card goes through a reader
Online Death Certificates Dropped Amid ID Theft Fears
Quick Hits  |  9/11/2008  | 
Large Arizona county no longer posts public-record death certificates on its Website
Flying Phish Hooks Schools of Employees
News  |  9/11/2008  | 
Penetration test proves many workers can still be easily fooled
IBM Unveils Hardware-Based Encryption Tool
News  |  9/10/2008  | 
System x Vault protects data when a server's hard drive is disposed or stolen, without affecting server performance.
Home Security Gets A Web Makeover
News  |  9/10/2008  | 
Forget the closet control panel, today's Internet- and smartphone-enabled home security systems allow browser-based management, SMS updates, live video feeds, and money-saving DIY options.
Most Companies Believe Their Sensitive Data Is at Risk
Quick Hits  |  9/10/2008  | 
Enterprises recognize the threat of data theft, Finjan research study says
'Password Recovery' Services May Be Hackers for Hire
News  |  9/10/2008  | 
Services that promise to help you find your lost passwords may make their living by cracking the passwords of others, IBM researcher says