Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 Tom LaSusa
RSS
E-Mail

Profile of Tom LaSusa

News & Commentary Posts: 8
Articles by Tom LaSusa

Happy Data Privacy Day!

1/28/2008
We're less than a week away from finding out whether Punxsutawney Phil predicts six more weeks of winter. While we wait for him to make his annual weather forecast, we've got time to squeeze in another holiday. You may not be as familiar with this one -- there's no parades, gift-giving or time off from work. Frankly, it's a shame we have to acknowledge it at all. But it's a testament of the kind of world we live in. Today is Data Privacy Day.

Post a Comment

Brit Posts Bank Account Number, Gets Hacked

1/10/2008
The world is filled with daredevils: bungee jumpers, mountain climbers, those crazy guys who get chased by bulls in Spain. However, none of those thrill-seekers hold a candle to British columnist/TV celebrity Jeremy Clarkson. Fearless to the core, Mr. Clarkson decided to publish his own personal bank account number in the paper, confident that no one would be able to do anything with it.

Post a Comment

Let's Raise The Stakes For Data Loss Culpability

1/4/2008
After a year of unbelievable (and in some cases incomprehensible) data loss among corporations both big and small, I propose we adopt a brand-new catchphrase for 2008. To borrow somewhat from culinary personality Emeril Lagasse: It's time to kick the penalties up a notch.

Post a Comment

Need For Security Looming Larger In 2008

12/20/2007
Hey, great news! Everyone's finally starting to take data security seriously. It only took what, countless thefts, misplaced laptops, unprotected networks, greedy employees, a lack of policies, and the threats of massive and costly legalities to get us all on board?


Post a Comment
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23381
PUBLISHED: 2021-04-18
This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23374
PUBLISHED: 2021-04-18
This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23375
PUBLISHED: 2021-04-18
This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23376
PUBLISHED: 2021-04-18
This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23377
PUBLISHED: 2021-04-18
This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.