Anti-Malware Is Necessary In The Data Center: 3 Examples
12/14/2016Simply because data center endpoints don’t have the same threat profile as general desktops doesn’t mean they don’t need anti-malware software. Here’s why.
Post a Comment
Author
Profile of Jeremiah Grossman
Member Since: 3/3/2015Author
News & Commentary Posts: 8
Comments: 16
Jeremiah Grossman, Chief of Security Strategy, SentinelOne, Professional Hacker, Black Belt in Brazilian Jiu-Jitsu, & Founder of WhiteHat Security.
Jeremiah Grossman's career spans nearly 20 years. He has lived a literal lifetime in computer security to become one of the industry's biggest names. He has received a number of industry awards, been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for his security research. Jeremiah has written hundreds of articles and white papers. As an industry veteran, he has been featured in hundreds of media outlets around the world. Jeremiah has been a guest speaker on six continents at hundreds of events and including many top universities. All of this was after Jeremiah served as an information security officer at Yahoo!
Articles by Jeremiah Grossman
Simply because data center endpoints don’t have the same threat profile as general desktops doesn’t mean they don’t need anti-malware software. Here’s why.
Post a Comment
Raising The Stakes For Application Security
4/1/2016Why, if we already know most everything we need to know about exploited vulnerabilities in software, do hacks keep happening?
Post a Comment
Understanding The 2 Sides Of Application Security Testing
3/14/2016Everybody likes to focus on the top 10 vulnerabilities, but I've never found a company with a top 10 vulnerabilities problem. Every company has a different top 10.
Post a Comment
Black Hat, Data Science, Machine Learning, and… YOU!
8/14/2015The time has come for security pros to start honing in on their machine learning skills. Here’s why.
Post a Comment
Obama’s War On Hackers
4/6/2015Cybersecurity legislation, for the most part, is a good idea. But not without protections for bug bounty programs and other vital, proactive security research.
Post a Comment
You Can't Always Be Proactive
10/8/2009Having your car serviced regularly, stretching before working out, and visiting the dentist twice a year are known to prevent engine failure, physical injury, and potentially life-threatening gingivitis. In addition, being proactive also extends to the world of information security.
Post a Comment
When Mass SQL Injection Worms Evolve...Again
8/24/2009In the past, I've described how mass SQL injection worms took the Web completely by storm. Two years ago, SQL injection attacks evolved from sentient, one-off, targeted data-stealing exploits, like in the breaches at Hannaford Brothers and Heartland, to fully automated, unauthenticated
Post a Comment
Disclosure Helps Bad Guys -- But Not The Way You'd Think
6/4/2009When publicly disclosing new attack techniques or simplifying older ones, many researchers -- including myself -- have been accused of indirectly assisting the bad guys by schooling them in their evil ways. Admittedly, we can never really be sure we're not helping them, but at the same time, we can't be certain the bad guys don't already know what we do.
Post a Comment
White Papers
Video
1 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What did you expect from this SOC? A unicorn....
Latest Comment: What did you expect from this SOC? A unicorn....
Current Issue
Security Vulnerabilities: The Next WaveJust when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
CVE-2016-10369NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
CVE-2016-8202unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
CVE-2016-8209A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
CVE-2017-0890Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2017 UBM, All rights reserved
Tweet This