The Case for a Human Security Officer
12/5/2018Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people.
Post a Comment
Author
Profile of Ira Winkler
CISSP, President, Secure Mentem News & Commentary Posts: 11Ira Winkler is president of Secure Mentem and author of Advanced Persistent Security.
Articles by Ira Winkler
Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people.
Post a Comment
How to Gauge the Effectiveness of Security Awareness Programs
8/21/2018If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
Post a Comment
The Fundamental Flaw in Security Awareness Programs
7/19/2018It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
Post a Comment
Indicting Chinese Military Officers Is A Huge Mistake
5/29/2014Blaming soldiers following lawful orders only deflects from the government's responsibility to impose trade sanctions and take more useful measures.
Post a Comment
NSA’s Big Surprise: Gov’t Agency Is Actually Doing Its Job
4/4/2014When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
Post a Comment
Target Mocks, Not Helps, Its Data Breach Victims
1/22/2014The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
Post a Comment
Why Security Awareness Is Like An Umbrella
12/5/2013A small security awareness program will protect you as much as a small umbrella. So don’t complain when you get wet.
Post a Comment
Make The Most Of National Cyber Security Awareness Month
10/1/2013NCSAM is a catalyst to get extra attention for your security programs
Post a Comment
Arguments Against Security Awareness Are Shortsighted
3/25/2013A counterpoint to Bruce Schneier's recent post on security awareness training for users
Post a Comment
Stupid IRS Spam
9/30/2009I believe that anyone who uses the Internet on a regular basis has to know that most e-mail messages are spam, and possibly part of a fraud scheme. I also realize that some people are more aware than others, and that some criminals are clever. But the current spread of an email message that claims to be from the IRS accusing a person of fraud demonstrates that naivete that runs deep on the Internet.
Post a Comment
Why Social Engineers Need Training
9/10/2009Many security professionals who think they know anything about penetration testing also think they know enough to perform social engineering. After all, they are successful time and time again, so they think they know what they are doing. However, what follows is a textbook example of how a little knowledge in the wrong hands can be very dangerous.
Post a Comment
White Papers
Video
4 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Look deep into my eyes. You are getting sleepy, very sleepy......
Latest Comment: Look deep into my eyes. You are getting sleepy, very sleepy......
Current Issue
10 Best Practices That Could Reshape Your IT Security DepartmentThis Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
How Enterprises Are Using IT Threat Intelligence
Large organizations are harnessing data about cyberattackers and their exploits to improve the safety of their critical data. Find out what they're doing.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-19007
PUBLISHED: 2018-12-14
PUBLISHED: 2018-12-14
PUBLISHED: 2018-12-14
PUBLISHED: 2018-12-14
PUBLISHED: 2018-12-14
From DHS/US-CERT's National Vulnerability Database CVE-2018-19007
PUBLISHED: 2018-12-14
In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.
CVE-2018-20147PUBLISHED: 2018-12-14
In WordPress versions before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.
CVE-2018-20148PUBLISHED: 2018-12-14
In WordPress versions before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata.
CVE-2018-20149PUBLISHED: 2018-12-14
In WordPress versions before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS.
CVE-2018-20150PUBLISHED: 2018-12-14
In WordPress versions before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This