
News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2008
New DoS Attack Is a Killer
Commentary  |  9/30/2008  | 
Things are a-brewin' in Sweden. Sweden is not just home of the infamous bikini team, it is also the home of Outpost 24, an equally sexy software-as-a-service network scanning service, and the employer of my friend Robert E. Lee and his colleague Jack C. Louis. These guys are the inventors of UnicornScan, a user-land TCP stack turned into a port scanner. Never heard of it? Use Nmap exclusively? Well if you run Linux, I suggest checking
Study: Routine Misbehavior by End Users Can Lead to Major Data Leaks
News  |  9/30/2008  | 
Many end users don't understand the risks associated with breaking company security policies, report says
Attackers Mix Online, Offline Exploits to Mask Financial Fraud
News  |  9/30/2008  | 
Cybercriminals split the attack cycle into pieces that may appear unrelated in order to evade detection
Microsoft, Washington State Launch Legal Assault On Scareware
News  |  9/29/2008  | 
The lawsuit against Registry Cleaner XP is trying to halt pop-up ads that look like Windows system messages and falsely claim that a critical system error has occurred.
CSRF Flaws Found on Major Websites
News  |  9/29/2008  | 
Princeton University researchers reveal four sites with cross-site request forgery flaws and unveil tools to protect against these attacks
Yahoo! Japan Auctions Compromised, Report Says
News  |  9/29/2008  | 
Thieves may have accessed Web auction site as many as 1.5 million times since May
Theft at RAF Facility Endangers Personal Data of 50,000
Quick Hits  |  9/29/2008  | 
Data on British air force hard drives wasn't encrypted; old facility 'wasn't that secure,' reports say
'Clickjacking' Attack Prompts Warning To Disable Browser Plug-Ins
News  |  9/26/2008  | 
The flaw affects Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, and Opera and could trick a user into clicking on content from another page.
Portrait Of A Computer Forensic Examiner
News  |  9/26/2008  | 
While data can be recovered from any computer, expert Ives Potrafka believes that corporate IT departments have far less control over what happens on PCs used for work.
Adobe PDF Reader Vulnerable, U.S. CERT Warns
News  |  9/26/2008  | 
The government's standard precautionary advice: Don't open files from sources you don't trust, and keep your antivirus software and patches up to date.
Survey: Virtually No Security in Enterprises' Virtual Systems
Quick Hits  |  9/26/2008  | 
Enterprise survey shows few companies have secured their virtual environments
New ID Theft Service Crawls the Web on Consumers' Behalf
News  |  9/26/2008  | 
For $15, Affinion penetrates hacker chat rooms and warns users when their data is for sale
Tiger Team Member Attacks Developers, Not Apps
News  |  9/25/2008  | 
Expert shows how he can get into a Web app without touching the application itself
Sarah Palin E-Mail Hacking Grand Jury Returns No Indictment
News  |  9/24/2008  | 
A Tennessee Democratic state representative's son was linked last week to involvement in the breach of the Republican vice presidential candidate's Yahoo Mail account.
Shadowserver to Build 'Sinkhole' Server to Find Errant Bots
News  |  9/24/2008  | 
New initiative will emulate IRC, HTTP botnet traffic
Many PC Users Remain Unaware of Security, Privacy
Quick Hits  |  9/24/2008  | 
More than a tenth of users don't know whether they have an antivirus, firewall; majority don't know what privacy settings they're using
For US Enterprises, Computer Crime Starts at Home
News  |  9/23/2008  | 
Despite perceptions about overseas hackers, attacks increasingly emanate from domestic sources, studies say
Phony Pop-Up Warning Messages Dupe Most Users
News  |  9/23/2008  | 
New research from NC State University shows how even savvy users fall for malicious system error messages
Man Indicted for Hacking & Blackmailing Luxury Automaker
Quick Hits  |  9/23/2008  | 
Sixty-year-old hacker threatened Maserati North America with exposing his theft of customer data from carmaker's Website
'Profiler' Hacks Global Hacker Culture
News  |  9/23/2008  | 
Former notorious Italian hacker releases initial results of research identifying different types of hackers and their behaviors on and offline
US-Based Malware Network Shuts Down
News  |  9/22/2008  | 
Network that served large numbers of hackers is no longer in service, observers say
Employees Still Flouting Security Policies, Study Says
Quick Hits  |  9/22/2008  | 
Three in 10 enterprises say their business' security is being compromised by personal use of corporate systems
Only 35% Of Oracle Users Continuously Monitor For Suspicious Activity
News  |  9/19/2008  | 
A recent Unisphere survey found 20% of respondents anticipated some kind of data security breach over the coming year.
Sarah Palin E-Mail Hacker Tied To Tennessee Democrat
News  |  9/19/2008  | 
Department of Justice investigators have declined to comment on the status of the Palin e-mail investigation.
Experts: US Is Not Prepared to Handle Cyber Attacks
News  |  9/19/2008  | 
In Congressional testimony, authorities on cyber defense say neither government agencies nor private companies are ready for what may come
Research: Porn Is Losing Its Steam
Quick Hits  |  9/19/2008  | 
Separate reports both say lurid material no longer rules Web traffic trends
Palin's 'Hacker' Tells How He Did It
Quick Hits  |  9/18/2008  | 
Hacker claiming to have broken into Republican VP candidate Sarah Palin's Yahoo email account reportedly used low-tech research and a little social engineering
Porn Operators Hijack Pages on AARP Website
News  |  9/18/2008  | 
Multi-pronged attack shows weakness in custom content management systems, researcher says
Hacking Tool Lets You Target Your Own End Users
News  |  9/18/2008  | 
New open-source attack platform that performs email-based Web attacks debuts next week at OWASP conference
Zero-Day Exploit Code For Apple iTunes, QuickTime Posted
News  |  9/17/2008  | 
The vulnerability in Apple's newly patched software is said to crash any browser with the QuickTime plug-in.
Free 'Trojan-Proof' Password Tool Released for Windows
News  |  9/17/2008  | 
Beta virtual keyboard software aims to ward off password-sniffing Trojans, malware
Antivirus Vendors Push Toward Cloud Computing
News  |  9/17/2008  | 
Key elements of software now being delivered on a software-as-a-service basis
House Passes Identity Theft & Restitution Act
Quick Hits  |  9/17/2008  | 
Senate to consider bill that addresses data theft, use of keyloggers and spyware
Microsoft to Share Its Secure Development Blueprint, Threat Modeling Tool
Quick Hits  |  9/16/2008  | 
Customers, third-party developers can use Microsoft's model for writing more secure software - for free
Disclosure of Major New Web 'Clickjacking' Threat Gets Deferred
News  |  9/16/2008  | 
Web security researchers bow to Adobe request for time to patch before releasing proof of concept of newly discovered, massive 'clickjacking' attack
DHS Report Says Leave Laptops At Home
News  |  9/15/2008  | 
The federal agency said anyone who brings their computer or cell phone out of the country is risking privacy and data security violations.
Hackers Deface CERN's 'Big Bang' Particle Accelerator Site
News  |  9/15/2008  | 
As scientists began testing CERN's Large Hadron Collider last week, hackers made a mockery of the European lab's network security.
Snort Turns 10, Sourcefire Goes Virtual
News  |  9/15/2008  | 
IDS/IPS vendor joins the ranks of VMWare partners, gears up for commercial rollout of next-generation Snort
Lost Computer Exposes Data of 22,000 at Intuit
Quick Hits  |  9/15/2008  | 
Software company's loss was one of many resulting from burglary at HR outsourcing firm
Report: Unauthorized Apps Run Rampant on Many Enterprise Networks
News  |  9/15/2008  | 
Detailed analysis of traffic on 60 enterprise networks finds broad usage of software that isn't sanctioned by IT
Study: Hotel Networks Put Corporate Users at Risk
News  |  9/12/2008  | 
The Center for Hospitality Research's survey and hack confirms worries of weak security on hotel networks
CookieMonster Can Steal HTTPS Cookies
News  |  9/11/2008  | 
The Python-based tool actively gathers insecure SSL information and records that as well as normal HTTP cookies to Firefox-compatible cookie files.
Enterprises Struggle to Identify Sources of Risk
News  |  9/11/2008  | 
Security remains top priority, but businesses wrestle with business case, BT study says
New 'On/Off Switch' Protects RFID Cards From Hacks
News  |  9/11/2008  | 
Technology would let cardholders activate RFID transmission only when card goes through a reader
Online Death Certificates Dropped Amid ID Theft Fears
Quick Hits  |  9/11/2008  | 
Large Arizona county no longer posts public-record death certificates on its Website
Flying Phish Hooks Schools of Employees
News  |  9/11/2008  | 
Penetration test proves many workers can still be easily fooled
IBM Unveils Hardware-Based Encryption Tool
News  |  9/10/2008  | 
System x Vault protects data when a server's hard drive is disposed or stolen, without affecting server performance.
Home Security Gets A Web Makeover
News  |  9/10/2008  | 
Forget the closet control panel, today's Internet- and smartphone-enabled home security systems allow browser-based management, SMS updates, live video feeds, and money-saving DIY options.
Most Companies Believe Their Sensitive Data Is at Risk
Quick Hits  |  9/10/2008  | 
Enterprises recognize the threat of data theft, Finjan research study says
'Password Recovery' Services May Be Hackers for Hire
News  |  9/10/2008  | 
Services that promise to help you find your lost passwords may make their living by cracking the passwords of others, IBM researcher says