Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 George V. Hulme

Profile of George V. Hulme

News & Commentary Posts: 529
An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.
Articles by George V. Hulme
posted in February 2009

Apple Drops Major Security Patch

2/12/2009
Apple today released a bevy of patches that, by my quick count, fix about 55 bugs in its flagship OS X operating system as well as Java. Fortunately, through Software Update, the patch updates for Java for Mac OS X 19.5 Update 3, and Security UPdate 2009-001, which total 47 MB, went smoothly for this user.

Post a Comment

Metasploit To (Almost) Go SaaS

2/9/2009
The Metasploit hacking tool is going the direction of many other IT security tools: it's going to be delivered, in part, as a service. But will corporate security managers upload critical data to a third party to test to see if it can be cracked?

Post a Comment

Startup May Just Digitize Your Wallet

2/8/2009
I despise having to carry paper. You also can add credit and ATM cards, driver's licenses, insurance cards -- all of this stuff we need to carry every day to that list, too. While we worry about hackers cracking retailers' Web sites and getting our credit card or financial information -- a lost wallet or purse can easily end up being a much bigger nightmare. A startup from Bend, Ore., believes it may have a solution.

Post a Comment

Cisco Warns Of Significant Wireless Vulnerability

2/5/2009
Cisco today warned its customers of vulnerabilities in its Cisco Wireless LAN Controllers, Cisco Catalyst 6500 Wireless Services Modules, and Cisco Catalyst 3750 Integrated Wireless LAN Controllers gear. The four vulnerabilities, which are not related to one another, could enable attackers to escalate privileges on some equipment or launch sustained denial-of-service attacks.

Post a Comment

Targeted Attacks Keep Rolling

2/4/2009
There's a stealthy Trojan, named Bankpatch.com, that is circulating in Denmark. Unlike most Trojans, which aim to grab information from wherever they can, this one is targeting specific banks.

Post a Comment

Cost Of Data Breaches Keeps Going Up

2/2/2009
The costs associated with a data breach involving consumer records have been steadily rising, according to the Ponemon Institute's fourth annual study, Cost Of A Data Breach. The survey took a close look at 43 organizations that reported a breach in 2008 -- ranging from the loss of 4,200 records to more than 113,000.

Post a Comment

Video: Super Bowl Security

2/1/2009
There will be about 250,000 people in Tampa, Fla., for the Super Bowl today. And while the FBI has reported that there are no credible terror threats for the game, one bet you're guaranteed to win today is that security will be tight.

Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/1/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13757
PUBLISHED: 2020-06-01
Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing exces...
CVE-2020-13758
PUBLISHED: 2020-06-01
modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.
CVE-2020-9291
PUBLISHED: 2020-06-01
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.
CVE-2019-15709
PUBLISHED: 2020-06-01
An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.
CVE-2020-13695
PUBLISHED: 2020-06-01
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file.