Vulnerabilities / Threats

5/11/2016
10:00 AM
John Klossner
John Klossner
Cartoon Contest
100%
0%

Cartoon: It's A People Problem

John Klossner has been drawing technology cartoons for more than 15 years. His work regularly appears in Computerworld and Federal Computer Week. His illustrations and cartoons have also been published in The New Yorker, Barron's, and The Wall Street Journal. Web site: ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
5/13/2016 | 9:39:58 AM
Threat modeling
Well, as a threat model methodology, it's definitely way simpler than CVSS!
MitchellB686
50%
50%
MitchellB686,
User Rank: Apprentice
5/13/2016 | 9:08:39 AM
Work defined
As a government entity we define work as receiving monetary consideration not actually producing anything
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Typin' in my password. Somebody's shoulder surfin'. Woooh!
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11329
PUBLISHED: 2018-05-22
The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital assets (including Ether balance and tokens) might be manipulated by the attackers, as exploited in the wil...
CVE-2018-11363
PUBLISHED: 2018-05-22
jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read.
CVE-2018-11364
PUBLISHED: 2018-05-22
sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call.
CVE-2018-11365
PUBLISHED: 2018-05-22
sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop.
CVE-2018-11339
PUBLISHED: 2018-05-22
An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.