Slideshows
Content posted in August 2018
|
7 Steps to Start Searching with Shodan
The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.
Why CISOs Should Make Friends With Their CMOs
A partnership between IT security and marketing could offer many benefits to each group — and to the entire enterprise.
6 Reasons Security Awareness Programs Go Wrong
While plenty of progress has been made on the training front, there's still some work ahead in getting the word out and doing so effectively.
7 Serious IoT Vulnerabilities
A growing number of employees have various IoT devices in their homes — where they're also connecting to an enterprise network to do their work. And that means significant threats loom.
2018 Pwnie Awards: Who Pwned, Who Got Pwned
A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
6 Eye-Raising Third-Party Breaches
This year's headlines have featured a number of high-profile exposures caused by third parties working on behalf of major brands.
10 Threats Lurking on the Dark Web
Despite some high-profile takedowns last year, the Dark Web remains alive and well. Here's a compilation of some of the more prolific threats that loom.
Mastering MITRE's ATT&CK Matrix
This breakdown of Mitre's model for cyberattacks and defense can help organizations understand the stages of attack events and, ultimately, build better security.
6 Ways DevOps Can Supercharge Security
Security teams have a huge opportunity to make major inroads by embracing the DevOps movement.
|
White Papers
Video
3 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Narcissistic Security Disorder."
Latest Comment: "Narcissistic Security Disorder."
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-9209
PUBLISHED: 2018-11-19
PUBLISHED: 2018-11-19
PUBLISHED: 2018-11-19
PUBLISHED: 2018-11-19
PUBLISHED: 2018-11-19
From DHS/US-CERT's National Vulnerability Database CVE-2018-9209
PUBLISHED: 2018-11-19
Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2
CVE-2018-9207PUBLISHED: 2018-11-19
Arbitrary file upload in jQuery Upload File <= 4.0.2
CVE-2018-15759PUBLISHED: 2018-11-19
Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perfo...
CVE-2018-15761PUBLISHED: 2018-11-19
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges...
CVE-2018-17190PUBLISHED: 2018-11-19
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code ...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This