Getting Safe, Smart & Secure on S3
7/11/2018AWS Simple Storage Service has proven to be a security minefield. It doesn't have to be if you pay attention to people, process, and technology.
Post a Comment
Author
Profile of Eric Thomas
Director of Cloud, ExtraHop Member Since: 6/13/2017Author
News & Commentary Posts: 2
Comments: 4
Eric Thomas serves as director of cloud for IT analytics company ExtraHop. Prior to taking this role, Eric led the ExtraHop professional services team, and draws on over 20 years of experience in IT operations. Before joining ExtraHop, Eric performed a variety of operational roles, most recently as director of advanced engineering for Thomson Reuters, where he led a team of performance and availability specialists, supporting over 200 applications representing $2 billion in annual revenue. His prior experience includes enterprise IT management, SaaS production operations, and next-generation technology advocacy.
Articles by Eric Thomas
AWS Simple Storage Service has proven to be a security minefield. It doesn't have to be if you pay attention to people, process, and technology.
Post a Comment
WannaCry? You’re Not Alone: The 5 Stages of Security Grief
6/22/2017As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
Post a Comment
White Papers
Video
2 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I'll need you to first enable Android's option to install programs from unknown sources.
Latest Comment: I'll need you to first enable Android's option to install programs from unknown sources.
Current Issue
Flash Poll
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-13435
PUBLISHED: 2018-08-16
PUBLISHED: 2018-08-16
PUBLISHED: 2018-08-16
PUBLISHED: 2018-08-16
PUBLISHED: 2018-08-16
From DHS/US-CERT's National Vulnerability Database CVE-2018-13435
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest w...
CVE-2018-13446PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. ...
CVE-2018-14567PUBLISHED: 2018-08-16
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
CVE-2018-15122PUBLISHED: 2018-08-16
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.
CVE-2018-11509PUBLISHED: 2018-08-16
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This