Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Advertise

About Us

Author

Profile of Joshua Goldfarb

Independent Consultant

News & Commentary Posts: 70

Josh (Twitter: @ananalytical) is an experienced information security leader who works with enterprises to mature and improve their enterprise security programs. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh's blogging and public speaking appearances, he is also a regular contributor to Dark Reading and SecurityWeek.

Articles by Joshua Goldfarb
posted in July 2017

View Content By Month

20 Questions for Improving SMB Security

7/21/2017
Security leaders in small and medium-sized business who want to up their game need to first identify where they are now, then, where they want to go.
Post a Comment

Hot Topics

Editors' Choice

7 Tips for Choosing Security Metrics That Matter

Ericka Chickowski, Contributing Writer, 10/19/2020

IoT Vulnerability Disclosure Platform Launched

Dark Reading Staff 10/19/2020

GravityRAT Spyware Targets Android & MacOS in India

Dark Reading Staff 10/19/2020

Live Events

Webinars

Get Your Pass | Interop Digital December 3rd FREE Event

Interop Digital December 3rd FREE Event on Cloud & Networking

More Informa Tech Live Events

White Papers

When and How to Best Leverage an MSSP

SANS Report: Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework

IDC MarketScape: Worldwide Managed Security Services 2020 Vendor Assessment

7 Experts on Transforming Your Threat Detection & Response Strategy

An Integrated Approach to Embedding Security into DevOps

More White Papers

Cartoon

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

Special Report: Computing's New Normal

This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How IT Security Organizations are Attacking the Cybersecurity Problem

The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.

Download Now!

Special Report: Understanding Your Cyber Attackers

0 comments

2020 State of Cybersecurity Operations and Incident Response

0 comments

The Changing Face of Threat Intelligence

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-27155
PUBLISHED: 2020-10-22

An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one.

CVE-2020-27195
PUBLISHED: 2020-10-22

HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6

CVE-2020-7020
PUBLISHED: 2020-10-22

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents ...

CVE-2020-26649
PUBLISHED: 2020-10-22

AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php

CVE-2020-26650
PUBLISHED: 2020-10-22

AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]