Advertise

Analytics

12/23/2007
06:15 AM

Tim Wilson, Editor in Chief, Dark Reading
Quick Hits

0 comments
Comment Now

50%

Wishing You a Happy, Safe Holiday

And no grinches in your stockings

In celebration of the holidays, Dark Reading and its parent company, CMP Technology, will be closed on Dec. 24 and Dec. 25, and will not be posting any new content.

Wherever you are, and whatever holiday you're celebrating this season, we hope you'll stay safe and secure over this next couple of days. We look forward to serving up the latest in IT security news to you when we return to the office on Dec. 26.

Just one bit of advice -- a good, solid concrete chimney guard will protect your perimeter from that pesky fireplace vulnerability. A roaring fire may also help, researchers say.

I wonder if that red-suited hacker could get in through Port 80?

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment |

Email This |

Print |

RSS

More Insights

Webcasts

The Failures of Static DLP and How to Protect Against Tomorrow's Email Breaches

ROI and Beyond for the Cloud

More Webcasts

White Papers

A Technical Deep Dive on Software Exploits

The Network for Whatever's Next; A CxO Guide

More White Papers

Reports

Special Report: Edge Computing: An IT Platform for the New Enterprise

DNS Network Traffic Volumes During the 2020 Pandemic

More Reports

Comments

Newest First | Oldest First | Threaded View

[close this box]

Be the first to post a comment regarding this story.

Hot Topics

Editors' Choice

How to Better Secure Your Microsoft 365 Environment

Kelly Sheridan, Staff Editor, Dark Reading, 1/25/2021

Many Cybersecurity Job Candidates Are Subpar, While On-the-Job Training Falls Short

Robert Lemos, Contributing Writer, 1/27/2021

Attackers Leave Stolen Credentials Searchable on Google

Kelly Sheridan, Staff Editor, Dark Reading, 1/21/2021

Webinars

Securing and Monitoring Networks in the 'New Normal'

What We Can Learn from Sports Analytics

Strategies for Success with Digital Transformation

Webinar Archives

White Papers

A Technical Deep Dive on Software Exploits

2020 Threat Hunting Report

Five Reasons to Protect your VPN with Multi-Factor Authentication

Top Threats to Cloud Computing: The Egregious 11

SANS Report: Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

2020: The Year in Security

Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Assessing Cybersecurity Risk in Today's Enterprises

COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.

Download Now!

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

Building an Effective Cybersecurity Incident Response Team

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-3331
PUBLISHED: 2021-01-27

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)

CVE-2021-3326
PUBLISHED: 2021-01-27

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

CVE-2021-22641
PUBLISHED: 2021-01-27

A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).

CVE-2021-22653
PUBLISHED: 2021-01-27

Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).

CVE-2021-22655
PUBLISHED: 2021-01-27

Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]