Security Lessons from My Game Closet
3/22/2019In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
Post a Comment
Author
Profile of Joshua Goldfarb
Co-founder & Chief Product Officer, IDRRA News & Commentary Posts: 52Josh (Twitter: @ananalytical) is an experienced information security leader with broad experience building and running Security Operations Centers (SOCs). Josh is currently co-founder and chief product officer at IDRRA and also serves as security advisor to ExtraHop. Prior to joining IDRRA, Josh served as VP, CTO for emerging technologies at FireEye and as chief security officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the chief of analysis for the United States Computer Emergency Readiness Team (US-CERT) which he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh's blogging and public speaking appearances, he is also a regular contributor to DarkReading and SecurityWeek.
Articles by Joshua Goldfarb
In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
Post a Comment
Solving Security: Repetition or Redundancy?
2/28/2019To effectively defend against today's risks and threats, organizations must examine their failings as well as their successes.
Post a Comment
KISS, Cyber & the Humble but Nourishing Chickpea
2/1/2019The combination of simple, straightforward, and methodical ingredients are the keys to developing a balanced and well-rounded security program.
Post a Comment
Setting the Table for Effective Cybersecurity: 20 Culinary Questions
12/13/2018Even the best chefs will produce an inferior product if they begin with the wrong ingredients.
Post a Comment
8 Security Buzzwords That Are Too Good to Be True
11/20/2018If you can't get straight answers about popular industry catchphrases, maybe it's time to ask your vendor: How do you actually use the technology?
Post a Comment
Good Times in Security Come When You Least Expect Them
10/23/2018Not every cybersecurity endeavor can have a huge impact. But a small percentage of your efforts can still produce results that blow you away.
Post a Comment
The Right Diagnosis: A Cybersecurity Perspective
10/1/2018A healthy body and a healthy security organization have a lot more in common than most people think.
Post a Comment
Why a Healthy Data Diet Is the Secret to Healthy Security
9/6/2018In the same way that food is fuel to our bodies, data is the fuel on which our security programs run. Here are 10 action items to put on your cybersecurity menu.
Post a Comment
How 'Projection' Slows Down the Path to Security Maturity
7/24/2018A little bit of self-awareness goes a long way when it comes to evaluating a company's security maturity level. It's also a prerequisite to improving.
Post a Comment
6 Ways Greed Has a Negative Effect on Cybersecurity
6/11/2018How the security industry can both make money and stay true to its core values, and why that matters.
Post a Comment
20 Signs You Are Heading for a Retention Problem
5/9/2018If you don't invest in your best security talent, they will look to burnish their resumes elsewhere. Here's why.
Post a Comment
20 Ways to Increase the Efficiency of the Incident Response Workflow
4/10/2018Despite all the good intentions of some great security teams, we are still living in a "cut-and-paste" incident management world.
Post a Comment
Pragmatic Security: 20 Signs You Are 'Boiling the Ocean'
3/6/2018Ocean-boiling is responsible for most of the draconian, nonproductive security policies I've witnessed over the course of my career. Here's why they don't work.
Post a Comment
20 Signs You Need to Introduce Automation into Security Ops
2/8/2018Far too often, organizations approach automation as a solution looking for a problem rather than the other way around.
Post a Comment
In Security & Life, Busy Is Not a Badge of Honor
1/16/2018All security teams are busy, but not all security teams are productive. The difference between the two is huge.
Post a Comment
Is Your Security Workflow Backwards?
12/15/2017The pace at which information security evolves means organizations must work smarter, not harder. Here's how to stay ahead of the threats.
Post a Comment
Why Common Sense Is Not so Common in Security: 20 Answers
11/10/2017Or, questions vendors need to ask themselves before they write a single word of marketing material.
Post a Comment
20 Questions to Ask Yourself before Giving a Security Conference Talk
10/16/2017As cybersecurity continues to become more of a mainstream concern, those of us who speak at industry events must learn how to truly connect with our audience.
Post a Comment
20 Questions to Help Achieve Security Program Goals
9/13/2017There are always projects, maturity improvements, and risk mitigation endeavors on the horizon. Here's how to keep them from drifting into the sunset.
Post a Comment
20 Tactical Questions SMB Security Teams Should Ask Themselves
8/15/2017Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
Post a Comment
20 Questions for Improving SMB Security
7/21/2017Security leaders in small and medium-sized business who want to up their game need to first identify where they are now, then, where they want to go.
Post a Comment
The Case for Crowdsourcing Security Buying Decisions
6/30/2017Why our industry needs a sharing platform with open and transparent access to peer knowledge, meaningful metrics, and transparency around security products and services
Post a Comment
SMB Security: Don’t Leave the Smaller Companies Behind
6/1/2017Helping improve the security posture of small and medium-sized businesses should be a priority for security organizations of all sizes.
Post a Comment
Seeing Security from the Other Side of the Window
5/3/2017From the vantage of our business colleagues, security professionals are a cranky bunch who always need more money, but can’t explain why.
Post a Comment
Data Visualization: Keeping an Eye on Security
3/27/2017Visualization can be one of the most powerful approaches a security team can use to make sense of vast quantities of data. So why does it end up as an afterthought?
Post a Comment
20 Questions for SecOps Platform Providers
2/27/2017Security operations capabilities for the masses is long overdue. Here’s how to find a solution that meets your budget and resources.
Post a Comment
Crowdsourcing 20 Answers To Security Ops & IR Questions
1/12/2017“Those who know do not speak. Those who speak do not know.” Why it pays to take a hard look at our own incident response functions and operations.
Post a Comment
20 Questions Security Pros Should Ask Themselves Before Moving To The Cloud
12/20/2016A template for working collaboratively with the business in today’s rapidly changing technology environment.
Post a Comment
20 Questions Smart Security Pros Should Ask About 'Intelligence'
12/1/2016Threat intel is a hot but complicated topic that encompasses a lot more than just data feeds. Here's how to get beyond the fear, uncertainty, and doubt to maximize its potential.
Post a Comment
20 Endpoint Security Questions You Never Thought to Ask
10/26/2016The endpoint detection and response market is exploding! Here’s how to make sense of the options, dig deeper, and separate vendor fact from fiction.
Post a Comment
20 Questions To Explore With Security-as-a-Service Providers
10/5/2016This list will help you leverage the niche expertise of security-as-a-service providers, and assess which vendor can best meet your needs
Post a Comment
20 Questions Security Leaders Need To Ask About Analytics
9/15/2016The game of 20 questions is a great way to separate vendors that meets your needs from those who will likely disappoint.
Post a Comment
Theory Vs Practice: Getting The Most Out Of Infosec
8/10/2016Why being practical and operationally minded is the only way to build a successful security program.
Post a Comment
5 Failsafe Techniques For Interviewing Security Candidates
7/22/2016Filling critical information security roles with the right people is never easy. But learning how to separate the 'wheat from the chaff' is a smart step in the right direction.
Post a Comment
Mind The Gap: CISOs Versus 'Operators'
6/25/2016How open communication among security execs and analysts, incidents responders, and engineers can help organizations stay on top of the constantly changing threat landscape.
Post a Comment
A Wish List For The Security Conference Stage
5/26/2016All the world may be a stage, but in the theater of cybersecurity, we need a more relevant dialogue of fresh ideas, novel approaches, and new ways of thinking.
Post a Comment
8 Signs Your Security Culture Lacks Consistency
4/27/2016Organizations that practice what they preach and match their actions to their words do far better achieving their goals than those that do not. Here's why that matters.
Post a Comment
Cloud Security: Understanding New Risks, Rising To New Challenges
3/21/2016In a business world dominated by the cloud, security ops has to change the way we play the game in order to accomplish our strategic goals.
Post a Comment
Public Vs. Private: Is A Prestigious Infosec College Degree Worth It?
2/24/2016Today's graduates coming into the information security industry from private universities aren’t ready for the workforce.
Post a Comment
Careers in InfoSec: Don’t Be Fooled By The Credential Alphabet
1/27/2016Analytical skills, work ethic, an ability to overcome obstacles, and a natural drive to solve problems are the critical hiring factors in today’s tight job market.
Post a Comment
The Matrix Reloaded: Security Goals v. Operational Requirements
1/7/2016Building a matrix that measures people, process, and technology against security goals is a proven method for reducing risk in an organization. Here’s how.
Post a Comment
Playing It Straight: Building A Risk-Based Approach To InfoSec
12/7/2015What a crooked haircut can teach you about framing the discussion about organizational security goals and strategies.
Post a Comment
Mature & Unconfident: The Best Information Security Teams Ever!
11/5/2015Security through maturity and humility is a workable philosophy with proven results for organizations that are willing to give it a try. Here’s why.
Post a Comment
An Atypical Approach To DNS
10/15/2015It’s now possible to architect network instrumentation to collect fewer data sources of higher value to security operations. Here’s how -- and why -- you should care.
Post a Comment
Information Security Lessons From Literature
9/15/2015How classic themes about listening, honesty, and truthfulness can strengthen your organization’s security posture, programs and operations.
Post a Comment
Data Visibility: A Matter Of Perspective
8/10/2015You can't analyze what you can't see. True at the dentist and true in security.
Post a Comment
Detection: A Balanced Approach For Mitigating Risk
7/21/2015Only detection and response can complete the security picture that begins with prevention.
Post a Comment
Security Metrics: It’s All Relative
6/9/2015What a haircut taught me about communicating the value of security to executives and non-security professionals.
Post a Comment
Taking A Security Program From Zero To Hero
5/13/2015Breaking the enigma of InfoSec into smaller bites is a proven method for building up an organization’s security capabilities. Here are six steps to get you started.
Post a Comment
Setting Security Professionals Up For Success
4/14/2015People, process, and technology are all integral to a successful infosec program. What’s too often missing involves the concept of workflow.
Post a Comment
Context: Finding The Story Inside Your Security Operations Program
3/23/2015What’s missing in today’s chaotic, alert-driven incident response queue is the idea of a narrative that provides a detailed understanding of how an attack actually unfolds.
Post a Comment
7 Tips To Improve 'Signal-to-Noise' In The SOC
4/22/2014When security analysts are desensitized to alerts because of sheer volume, they miss the true positives that can prevent a large-scale data breach. Here's how to up your game.
Post a Comment
White Papers
Video
1 Comments
Current Issue
5 Emerging Cyber Threats to Watch for in 2019Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Developing Secure Applications
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-11378
PUBLISHED: 2019-04-20
PUBLISHED: 2019-04-20
PUBLISHED: 2019-04-20
PUBLISHED: 2019-04-20
PUBLISHED: 2019-04-20
From DHS/US-CERT's National Vulnerability Database CVE-2019-11378
PUBLISHED: 2019-04-20
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.
CVE-2019-11372PUBLISHED: 2019-04-20
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11373PUBLISHED: 2019-04-20
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11374PUBLISHED: 2019-04-20
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
CVE-2019-11375PUBLISHED: 2019-04-20
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This