Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 George V. Hulme
RSS
E-Mail

Profile of George V. Hulme

News & Commentary Posts: 529
An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.
Articles by George V. Hulme
posted in April 2009

Cloud Security Needs Its Rainmaker

4/29/2009
The Cloud Security Alliance (CSA) made its inaugural splash at last week's RSA Security Conference 2009 in San Francisco. The group kicked off an ambitious white paper that attempts to define everything from the architecture of cloud services to the impact of cloud services on litigation and encryption. It was a herculean effort to try to get this off the ground. And there is still much more work to do -- especially in the one area the group left out.

Post a Comment

Federal Reserve IT Analyst Arrest Highlights Internal Threat

4/28/2009
I've always had a pick with the trite and hackneyed marketing hype among IT security vendors who repeated the "insiders conduct the most attacks," or "Insiders are the greatest risk." This most recent arrest stokes the debate that was rekindled with the recent release of Verizon Business' 2009 Data Breach Investigations Report.

Post a Comment

Just Because Security Budget Takes A Hit, Doesn't Mean Security Has To

4/28/2009
At last week's RSA Conference in San Francisco, there was as much talk about the economy as there was on IT security. And while the show appeared to pull a healthy number of attendees, at times the show floor seemed filled with more vendor reps and consultants, than IT buyers. But a few studies released last week show while vendor's may like to hype fear, the infosec economy certainly isn't all gloom and doom.

Post a Comment

Social Networks A New Security Frontline

4/23/2009
USA Today ran an interesting story about how cybercriminals are using social media in greater numbers to attack users. What started as a trickle last year has quickly sprung to an open fire hydrant, as criminals turn to low-paid grunts to crack captchas.

Post a Comment

NSA Does Not Want To Lead U.S. Cybersecurity Efforts. This Is Good News

4/21/2009
Lt. Gen. Keith Alexander told a packed security audience here at the RSA Conference 2009 that the National Security Agency wants to help support the nation's critical IT security infrastructure efforts as part of a "team" effort. And that the NSA isn't interesting in the job of running the security of the critical IT security infrastructure.

Post a Comment

Get Ready To Patch

4/13/2009
Organizations need to prep for a pretty significant set of patches that are scheduled to be rolling out from Redmond tomorrow. It's the most security patch updates from Microsoft in nearly six months.

Post a Comment

Black Hat Europe: Interesting InfoSec Research Ahead (Be Afraid)

4/11/2009
I always enjoy the Black Hat sessions. The conference leans much more on the technical side of things, more so than the humungous brochure-fest known as RSA. Black Hat Europe is next week April 14th through 17th. And while I won't be able to (unfortunately) attend, there's a number of sessions I wouldn't miss if I was able to hope a flight to Amsterdam.

Post a Comment
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-22732
PUBLISHED: 2021-08-05
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker..
CVE-2021-37604
PUBLISHED: 2021-08-05
In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being validated/updated prior to message authentication.
CVE-2021-37605
PUBLISHED: 2021-08-05
In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being being validated / updated prior to message authentication.
CVE-2021-38138
PUBLISHED: 2021-08-05
OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release.
CVE-2021-38095
PUBLISHED: 2021-08-05
The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request.