Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 George V. Hulme
RSS
E-Mail

Profile of George V. Hulme

News & Commentary Posts: 529
An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.
Articles by George V. Hulme
posted in October 2009

Patch Your Firefox

10/27/2009
Mozilla just released 16 patches for vulnerabilities in Firefox. Eleven of the flaws are critical, and affect a number of components in the browser.

Post a Comment

UK Jobs Website Hacked

10/26/2009
The news site Guardian is warning members of its UK jobs site that the site has been breached, and that personal data may been snagged.

Post a Comment

Application Security Is National Security

10/23/2009
Hacks targeting U.S. government computers are coming from China. We knew that. The Chinese hackers are relying on zero-day software vulnerabilities to exploit critical systems. So, tell me again: why aren't we doing more to require applications be built secure from the start?

Post a Comment

Gumblar: Back With A Vengeance

10/20/2009
Earlier this year, the botnet Gumblar made a splash when it infected more than 2,300 Websites, including popular destinations such as Tennis.com, Variety, and Coldwellbanker.com. Now, security researchers say Gumblar is back in strength and is changing its tactics.

Post a Comment

Scammers Up The 'Rogueware' War

10/17/2009
Attackers have been known to encrypt user files (such as happened with Gpcode), and then demand payment for the decryption key, for some time. These so-called rogueware, including scareware, attacks have been underway for some time. Now scammers have upped their attack tactics.

Post a Comment

October's Scary Patch Tuesday

10/9/2009
Next Tuesday Microsoft plans to release 13 separate security bulletins that will cover more than 30 individual patches. More than half of the bulletins are ranked as "critical."

Post a Comment

Amazon Web Services DDoS Attack And The Cloud

10/7/2009
A suspected denial-of-service attack aimed at Amazon Web Services (AWS) this past weekend shut down a code hosting service for nearly 24 hours. I don't see this as a security issue specific to cloud computing, rather just another disruption to availability like all of the others.

Post a Comment

U.S. Government Set To Clamp Down on P2P Networks

10/6/2009
You've probably heard the horror stories around private and confidential files being exposed via peer-to-peer network sharing. Federal lawmakers are now stepping up their efforts to keep sensitive data from inadvertently leaking to the public.

Post a Comment
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-22732
PUBLISHED: 2021-08-05
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker..
CVE-2021-37604
PUBLISHED: 2021-08-05
In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being validated/updated prior to message authentication.
CVE-2021-37605
PUBLISHED: 2021-08-05
In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being being validated / updated prior to message authentication.
CVE-2021-38138
PUBLISHED: 2021-08-05
OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release.
CVE-2021-38095
PUBLISHED: 2021-08-05
The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request.