Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in October 2007
Security Threats Meet Business Treats
Commentary  |  10/31/2007  | 
Having written so much about the horrors small and midsized businesses face for our two-part Halloween business terrors feature, I couldn't resist the temptation to give some thought to technology treats.
Free Security Tech Support: Treat Yourself (And Your Computer) On Halloween
Commentary  |  10/30/2007  | 
Security Company CyberDefender's offering free phone-in technical support for one day only -- and that day's tomorrow, October 31. How's that for a Halloween treat?
How Dumb Is Too Dumb To Operate a Computer?
Commentary  |  10/26/2007  | 
Over at GnuCitizen.org, Petko D. Petkov makes it clear that computer users are the weak link in Internet security. In a blog post, Petkov points out that the term "drive-by download," as defined by Wikipedia, doesn't quite work.
Net Security Woes Grows
Commentary  |  10/25/2007  | 
A new report that focuses on the security challenges facing small and midsized businesses shines a light on just how big those challenges are -- and which ones you may be overlooking.
Interop Winners: Desktop Conferencing, Deep Security
Commentary  |  10/25/2007  | 
It's a purely unscientific and anecdotal perspective, but here are my picks for most interesting and most needed technologies from Interop this week, plus the most startling stat I heard in my New York City travels.
Shallow Victory for the Federal Government
Commentary  |  10/25/2007  | 
Whether you realize it or not, John Zuccarini, a notorious scam artist, represents a threat to your online business. His cyberspace businesses illustrate the problems that the government must overcome to make it a safe haven for reputable enterprises.
World Series Ticketing System Crashes, Rebounds
Commentary  |  10/24/2007  | 
The Colorado Rockies were felled by "an external malicious attack" that crashed its online system Monday.
Internet Security Hall Of Shame
Commentary  |  10/22/2007  | 
What are the ten biggest -- and, alas, most common -- Internet security mistakes made by small and midisized businesses, their employees, vendors, family and friends?
Security Threats Rise -- And So Do Security Budgets
Commentary  |  10/19/2007  | 
Is your security budget increasing? Most small and midsized businesses are growing theirs.
Can The RIAA Close Down Usenet?
Commentary  |  10/18/2007  | 
Those of us who remember the Internet before the Web -- and yes, Virginia, there was an Internet before the Web -- will remember when Usenet was one of the major destinations for discussion and file-sharing. It's still there, in a quiet corner where the cognizanti hoped it would go unnoticed by the great unwashed. No more.
Personal Data Protection Legislation: Readers Have Their Say
Commentary  |  10/17/2007  | 
Reader comments on my post about the California governor's veto of a bill that would increase the state's data protection standards included some points warranting further discussion and some intriguing ideas. A related poll shows readers share my skepticism about businesses' will and capacity to fix the data loss problem.
Schwarzenegger Trusts Businesses To Protect Your Data; Do You?
Commentary  |  10/16/2007  | 
Gov. Arnold Schwarzenegger's veto of a California bill aimed at increasing the state's data protection standards, in part based on his view that the marketplace is handling consumer data protection, raises a troubling question: What planet is this guy living on?
Symantec To Buy Vontu?
Commentary  |  10/15/2007  | 
Symantec may be close to announcing the acquisition of Vontu, a company that helps businesses control information on their networks. Given that Symentec already licenses Vontu's data loss prevention technology, the rumored deal isn't entirely unexpected.
Mobile Security: The Data, Not The Notebook Is The Asset
Commentary  |  10/15/2007  | 
Stolen laptops and notebooks continue to get a lot of attention when a lot of confidential data gets stolen along with the device.
Employee Security: Don't Let Layoffs Go From Bad To Worse
Commentary  |  10/12/2007  | 
Layoffs, terminations and firings are never easy -- but they also shouldn't expose your company, network and equipment to more risk than they have to.
Microsoft Security Patches: 4 Critical, 2 Important
Commentary  |  10/10/2007  | 
Yesterday was Patch Day at Microsoft and a Big Day it was, with both Vista and Internet Explorer getting some fixes.
Security Costs: Are You Spending Enough? Too Much?
Commentary  |  10/9/2007  | 
The average company spends 20 percent of its technology budget on security. Does that finding match your security outlay?
Websense Emerging as Viable Security Supplier
Commentary  |  10/9/2007  | 
Are you a bit insecure about your security supplier? In this highly volatile marketplace, Websense is emerging as a vendor that medium and small businesses may want to take a closer look at.
Business Security Requires Network Security Requires Employee Security Requires Job Security
Commentary  |  10/8/2007  | 
The employee security I'm talking about here is your technical team's -- and your ability to hold onto them.
Network Security Problems? Blame The Boss!
Commentary  |  10/4/2007  | 
A recent pre-prison interview with a convicted hacker offers some surprising and important lessons in network and computer security.
Consumers May "Get" Cyber Security -- But That Doesn't Mean They've Got It
Commentary  |  10/3/2007  | 
More than 90 percent of consumers think their PCs -- and their computing habits -- are safe. Half of them are wrong.
Laptop Security: Mind The Gap
Commentary  |  10/1/2007  | 
More big retailer cyber security lessons for small to midsize businesses: This time a security gap hit The Gap.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42258
PUBLISHED: 2021-10-22
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include ...
CVE-2020-28968
PUBLISHED: 2021-10-22
Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.
CVE-2020-28969
PUBLISHED: 2021-10-22
Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.
CVE-2020-36485
PUBLISHED: 2021-10-22
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.
CVE-2020-36486
PUBLISHED: 2021-10-22
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling.