Dark Reading is part of the Informa Tech Division of Informa PLC


Author

 George V. Hulme

Profile of George V. Hulme

News & Commentary Posts: 529
An award-winning writer and journalist, George Hulme has written about business, technology, and IT security topics for more than 20 years. He currently freelances for a wide range of publications and is a security blogger at InformationWeek.com.
Articles by George V. Hulme
posted in September 2008

End Users Lax With Company Data

9/30/2008
A new security study shows end users from around the world treat data and corporate systems with little respect for the potential consequences. When it comes to corporate data, which is actually often customer data, there's little regard for security.

Mozilla Fixes Password Management Gaffe

9/28/2008
Just after Mozilla released Firefox version 3.0.02, which fixed a bevy of security problems, the foundation had to issue a notice to users about a flaw that could keep users from accessing and even creating passwords under some conditions.

Senate Committee Approves Updated FISMA Bill

9/25/2008
The Senate Homeland Security and Government Affairs Committee just approved S.3474, which will update the Federal Information Security Management Act (FISMA), in the hope of lifting federal security efforts beyond what many have deemed a paperwork shuffle that does little to boost security.

SEC Fines Wall Street Firm LPL

9/15/2008
The Securities and Exchange Commission took -- relatively -- harsh action against financial services firm LPL Financial for failing to protect its customer data. While the fine levied against LPL certainly isn't the most important news to break on Wall Street this week, it is the first step in what I hope is a long-term harsher stance taken by the SEC.

UAE Bank Breach Spreads

9/13/2008
International investigators still aren't sure, or they're not saying, how criminals managed to generate counterfeit bank and credit cards of legitimate users and conduct fraudulent charges from about 20 countries.

Password Crackers For Hire

9/12/2008
Earlier this week we wrote about how attackers are selling bogus security software suites to not only rip unsuspecting Web surfers off, but also infect their systems with malware. Now, an IBM researcher says many of those Webmail online password "recovery" services may actually be hackers for hire.

XP Security 'Scareware' Scams Skyrocketing

9/10/2008
More users than ever before seem to be falling for scams being levied by fraudsters looking to make a quick -- and lucrative -- buck from bogus security applications. It's sad to see people get scammed out of their money when they're seeking some level of protection from Internet threats -- but instead they end up paying to install software that does nothing, at best, or is in fact itself malware. At least one security firm says criminals are raking in hundreds of thousands a month doing so.

Google Chrome Polishes Its First Security Update

9/8/2008
Last week, Google released its shiny new Chrome browser. However, before the week finished, Google also had to issue a patch for one of security's most common -- and most well-known to developers -- application security issues: a buffer overflow vulnerability that would make it possible for an attacker to completely take over your system.

The Steady Rise Of Targeted Trojan Attacks

9/3/2008
Look before you click may be a good idea for a new IT security public awareness campaign. Consider the reports coming out of South Korea that North Korean spyware made its way onto the computer of a S. Korean army Colonel. There's no reason why this can't happen to you.
