12/11/2017
09:00 AM

Post-Breach Carnage: Worst Ways The Axe Fell in 2017

With executive firings, stock drops, and class action settlements galore, this year was a study in real-world repercussions for cybersecurity lapses.
2 of 10

Don't Let the Door Hit Uber's CSO on the Way Out

Uber's massive data breach of 57 million accounts and its $100,000 effort to hire hackers came under the watch of already embattled former CEO Travis Kalanick, so this was a case where there was no chief executive to can as a result of poor security and unethical handling of subsequent problems. But you'd better believe somebody was getting shown the door, so it was hardly surprising when the company announced CSO Joe Sullivan and his deputy Craig Clark were given their pink slips for their role in this developing debacle.

(Image by Gang, via Adobe Stock)
