Author

 John Bumgarner

Profile of John Bumgarner

Chief Technology Officer for the U.S. Cyber Consequences Unit
News & Commentary Posts: 2
John Bumgarner is Chief Technology Officer for the U.S. Cyber Consequences Unit, an independent, non-profit research organization that investigates the strategic and economic consequences of possible cyber attacks. He has work experience in information security, intelligence, psychological operations and special operations. During his career he has done work for various organizations in the U.S. government This work has taken him to more than 50 countries on 6 continents. He has been an expert security source for national and international news organizations, including Business Week, CNN, The Wall Street Journal and The Guardian in London. He has published articles in several leading security publications, including the journal of the Information System Security Association, the Homeland Security Journal and the Counter Terrorist magazine. He has spoken at various events, including the Cyber Conflict Policy and Legal conference in Estonia, the Information Assurance and Security in Defense conference in Brussels, the National Defense Industrial Association Cyber Security Symposium in the United States and at institutions such as the Center on Terrorism and Irregular Warfare, Naval Postgraduate School, Monterey, California. John is the author of the U.S. Cyber Consequences Unit's much-acclaimed definitive analysis of the August 2008 cyber campaign against Georgia. He is also the co-author with Scott Borg of the US-CCU Cyber Security Check List, which is currently being used by cyber security professions in over eighty countries. . John is featured in the International Spy Museum's "Weapons of Mass Disruption" cyber warfare exhibit in Washington, D.C. He has been a guest lecturer at the Fletcher School and the Naval Postgraduate School. Specialties:Certified Information Systems Security Professional (CISSP), GIAC Certified Advance Incident Handling Analyst (GCIH), NSA InfoSec Assessment Methodology (IAM) Certified, NSA InfoSec Evaluation Methodology (IEM) Certified, System Security Certified Practitioner (SSCP)
Articles by John Bumgarner
Companies Blindly Believe They've Locked Down Users' Mobile Use
Dawn Kawamoto, Associate Editor, Dark Reading,  11/14/2017
Microsoft Word Vuln Went Unnoticed for 17 Years: Report
Kelly Sheridan, Associate Editor, Dark Reading,  11/14/2017
121 Pieces of Malware Flagged on NSA Employee's Home Computer
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/16/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
[Strategic Security Report] Cloud Security's Changing Landscape
[Strategic Security Report] Cloud Security's Changing Landscape
Cloud services are increasingly becoming the platform for mission-critical apps and data. Heres how enterprises are adapting their security strategies!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.