Jeff.schilling - Dark Reading

Network Computing Dark Reading

Advertise

About Us

Member Since: December 1, 2014

Author

Blog Posts: 16

Posts: 18

Profile for Jeff.schilling
Content by Jeff.schilling
Saved by Jeff.schilling

As Chief Security Officer at FireHost, Jeff Schilling (Col., rtd.) is responsible for the cyber and physical security programs for the corporate environment and customer hosted capabilities. Jeff retired from the US Army after 24 years of service in July 2012. In his last assignment, he was Director of the Army's global Security Operations Center under US Army Cyber Command, where he was responsible for synchronizing the global security operations/monitoring and incident response for over 1 million computer systems, on 350 wide-area networks, supporting all Army organizations in more than 2,500 locations.

Hot Topics

Editors' Choice

Japan Cyber Minister Says He Has Never Used a Computer

Dark Reading Staff 11/15/2018

RIP, 'IT Security'

Kevin Kurzawa, Senior Information Security Auditor, 11/13/2018

Empathy: The Next Killer App for Cybersecurity?

Shay Colson, CISSP, Senior Manager, CyberClarity360, 11/13/2018

Live Events

Webinars

More UBM Tech
Live Events

Enterprise Connect 2019 - Build Your Comms & Collaboration Future

Communications & Collaboration 2022 at EC19 Orlando March 18-21

White Papers

Outsmart Malware

10 Best Practices That Could Reshape Your IT Security Department

Malware Review Q2-Q3 2018

Taking Control of Vendor Risk: A 6-Step Approach

4 Support Teams That Embraced Mobile

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: I spy, you spy, we all spy...a spy...

Cartoon Archive

Current Issue

10 Emerging Threats Every Enterprise Should Know About

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Online Malware and Threats: A Profile of Today's Security Posture

This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!

Download Now!

The Risk Management Struggle

0 comments

How Data Breaches Affect the Enterprise

0 comments

The State of IT and Cybersecurity

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-19367
PUBLISHED: 2018-11-20

Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.

CVE-2018-19335
PUBLISHED: 2018-11-20

Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.

CVE-2018-19334
PUBLISHED: 2018-11-20

Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports.

CVE-2018-10099
PUBLISHED: 2018-11-20

Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports.

CVE-2018-17906
PUBLISHED: 2018-11-19

Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.

Terms of Service
Privacy Statement
Legal Entities