Comments
GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
alfredoc.burgess
50%
50%
alfredoc.burgess,
User Rank: Apprentice
2/16/2018 | 11:41:15 PM
Managerial Accounting help
Thanx for sharing such useful post keep it up :)

 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
8/30/2017 | 6:54:24 PM
Re: Authorization
@Dr.T: Sure, but Waldur Frey was the head of House Frey -- in effect, the CEO/Chairman.

Who's going to deny authorization to the CEO?
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
8/30/2017 | 6:53:00 PM
Re: Spoiler alert
I once saw Zombie Ice Dragon open for Peter Frampton.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
8/29/2017 | 1:20:43 PM
Re: Wonderful Story about Patton
Of course, fearing the "trouble" from internal teams/people more than the "trouble" from outside threats/"enemies" can be quite dangerous for an organization's security posture. Shadow IT comes to mind -- particularly where employees are reluctant to self-report for fear of retribution up to and including termination.
Exabeam_Orion
50%
50%
Exabeam_Orion,
User Rank: Apprentice
8/29/2017 | 1:19:31 PM
Re: Spoiler alert
@ Joe - No, not really ice, but "Zombie Ice-Dragon" has a little "Je ne sais quoi".

It rolls off the tongue in ways that "Undead, ultra hot blue-fire breathing dragon" doesn't. ;)
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
8/29/2017 | 1:03:40 PM
Re: Spoiler alert
@exabeam: Tons, I imagine.

1) Be ready for anything.

2) Beware the dangers of offensive security, a.k.a. "hacking back"

3) Prioritize and protect anything proprietary lest you suffer the ill effects of reverse engineering.

That's just off the top of my head!

Are they "ice"? I couldn't tell if it was ice, really hot blue fire, or a some kind of fire/ice combination.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/28/2017 | 4:39:25 PM
machine learning
Machine learning is a great idea to to minimize insider threats, it would not be possible to identify it otherwise.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/28/2017 | 4:37:45 PM
Re: Spoiler alert
"zombei ice dragons! " Yes, that is true, we may be able to apply the same analogy.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/28/2017 | 4:36:49 PM
Re: Wonderful Story about Patton
"Don't bother that man anymore, he knows how to do his job." That makes sense. Awareness is the key.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/28/2017 | 4:34:49 PM
Re: Spoiler alert
"possible theories as to what last episode's events might possibly be building up" Wondering the same things, this is a good analogy tough.
Page 1 / 2   >   >>


WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-3914
PUBLISHED: 2018-09-21
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can s...
CVE-2018-3915
PUBLISHED: 2018-09-21
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can sen...
CVE-2018-11240
PUBLISHED: 2018-09-21
An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as of S...
CVE-2018-11241
PUBLISHED: 2018-09-21
An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a crontab file. This is fixed in production builds as of Spring 2018.
CVE-2018-16784
PUBLISHED: 2018-09-21
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.