Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ABTV

5/30/2017
08:00 AM
Curtis Franklin
Curtis Franklin
Curt Franklin
50%
50%

Take Security Now's Vault 7 Survey

WannaCry was the first shot from the Vault 7 arsenal. When will we see the second shot?

While the world's attention has been focused on the WannaCry attacks, a few cyber-Cassandras have pointed out that there are scores, if not hundreds, of additional exploits and attacks listed in the WikiLeaks Vault 7 release. Oh, joy.

The question that arises for most IT and security professionals is when the next exploit detailed in Vault 7 will make itself known to the computing world. Some feel that the exploits could start coming with numbing regularity now that they're in the wild, while others think that they'll be used sparingly, strategically, by criminal and nation-state actors.

What do you think? Are we going to spend the next few weeks dealing with the next waves of the Vault 7 deluge or will there be a months-long (or even years-long) respite before we all have to panic anew? Security Now wants to know -- and we can think of no one better than our community to give us the final word on the matter.

If you haven't noticed over at the top of our right-hand column, we're currently conducting the first Security Now Highly Un-Scientific Poll. When you take the poll you'll see what the results are (so far) and be able to check your responses against those of your fellow community members.

Speaking of community, we're also interested in what you think about the whole Vault 7 release. Since we can't really poll on complex questions, use the comment section over on the poll to tell us your thoughts on how worried we should be -- and whether the NSA should have been stockpiling the vulnerabilities in the first place.

Polls will be a regular part of what we do here at Security Now. Let us know what you think we should ask the community -- keeping in mind that every poll will be just as scientific (and, we hope, just as interesting) as this one.

— Curtis Franklin is the editor of SecurityNow.com. Follow him on Twitter @kg4gwa.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
Jai Vijayan, Contributing Writer,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20898
PUBLISHED: 2020-07-13
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0.
CVE-2019-20899
PUBLISHED: 2020-07-13
The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1.
CVE-2019-20900
PUBLISHED: 2020-07-13
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0.
CVE-2019-20897
PUBLISHED: 2020-07-13
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...