Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 George V. Hulme

Profile of George V. Hulme

News & Commentary Posts: 529
An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.
Articles by George V. Hulme
posted in September 2008

End Users Lax With Company Data

9/30/2008
A new security study shows end users from around the world treat data and corporate systems with little respect for the potential consequences. When it comes to corporate data, which is actually often customer data, there's little regard for security.

Post a Comment

Mozilla Fixes Password Management Gaffe

9/28/2008
Just after Mozilla released Firefox version 3.0.02, which fixed a bevy of security problems, the foundation had to issue a notice to users about a flaw that could keep users from accessing and even creating passwords under some conditions.

Post a Comment

Senate Committee Approves Updated FISMA Bill

9/25/2008
The Senate Homeland Security and Government Affairs Committee just approved S.3474, which will update the Federal Information Security Management Act (FISMA), in the hope of lifting federal security efforts beyond what many have deemed a paperwork shuffle that does little to boost security.

Post a Comment

SEC Fines Wall Street Firm LPL

9/15/2008
The Securities and Exchange Commission took -- relatively -- harsh action against financial services firm LPL Financial for failing to protect its customer data. While the fine levied against LPL certainly isn't the most important news to break on Wall Street this week, it is the first step in what I hope is a long-term harsher stance taken by the SEC.

Post a Comment

UAE Bank Breach Spreads

9/13/2008
International investigators still aren't sure, or they're not saying, how criminals managed to generate counterfeit bank and credit cards of legitimate users and conduct fraudulent charges from about 20 countries.

Post a Comment

Password Crackers For Hire

9/12/2008
Earlier this week we wrote about how attackers are selling bogus security software suites to not only rip unsuspecting Web surfers off, but also infect their systems with malware. Now, an IBM researcher says many of those Webmail online password "recovery" services may actually be hackers for hire.

Post a Comment

XP Security 'Scareware' Scams Skyrocketing

9/10/2008
More users than ever before seem to be falling for scams being levied by fraudsters looking to make a quick -- and lucrative -- buck from bogus security applications. It's sad to see people get scammed from their money when they're seeking some level of protection from Internet threats -- but instead they end up paying to install software that does nothing, at best, or is in fact itself malware. At least one security firm says criminals are raking in hundreds of thousands a month doing so.

Post a Comment

Google Chrome Polishes Its First Security Update

9/8/2008
Last week, Google released its shiny new Chrome browser. However, before the week finished, Google also had to issue a patch for one of security's most common -- and most well-known to developers -- application security issues: a buffer overflow vulnerability that would make it possible for an attacker to completely take over your system.

Post a Comment

The Steady Rise Of Targeted Trojan Attacks

9/3/2008
Look before you click may be a good idea for a new IT security public awareness campaign. Consider the reports coming out of South Korea that North Korean spyware made it's way onto the computer of a S. Korean army Colonel. There's no reason why this can't happen to you.

Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/1/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13757
PUBLISHED: 2020-06-01
Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing exces...
CVE-2020-13758
PUBLISHED: 2020-06-01
modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.
CVE-2020-9291
PUBLISHED: 2020-06-01
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.
CVE-2019-15709
PUBLISHED: 2020-06-01
An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.
CVE-2020-13695
PUBLISHED: 2020-06-01
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file.