Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Advertise

About Us

Author

Profile of Paul Drapeau

Principal Security Researcher, Confer

Member Since: 11/3/2014
Author
News & Commentary Posts: 2
Comments: 0

Paul Drapeau is a Principal Security Researcher for Confer, which offers endpoint and server security via an open, threat-based, collaborative platform. Prior to joining Confer he led IT security for a public, global pharmaceutical research-and-development organization. He is an active member of the security community and has spoken at many security and other industry conferences including DEF CON and Infosec World. Paul has served as a volunteer organizer and ran the CTF competitions at Security BSides Boston in 2013 and 2014. He holds a Bachelor's degree in computer science from URI and various security certifications.

Articles by Paul Drapeau

View Content By Month

The Apple App Store Incident: Trouble in Paradise?

1/22/2016
The fact that Apple’s security model has worked so well in the past doesn’t mean it will work well forever. Here’s why.
Post a Comment

Stop Trusting Signed Malware: 3 Steps

11/7/2014
Cybercriminals who manipulate valid signatures and certificates to get malware into an organization is a more common tactic than you think.
Post a Comment

Hot Topics

Editors' Choice

More SolarWinds Attack Details Emerge

Kelly Jackson Higgins, Executive Editor at Dark Reading, 1/12/2021

Vulnerability Management Has a Data Problem

Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber, 1/14/2021

Who Is Responsible for Protecting Physical Security Systems From Cyberattacks?

IFSEC Global, Staff, 1/14/2021

Webinars

Protecting Your Enterprise's Intellectual Property

Making Cybersecurity Work in Small and Medium-Sized Businesses

ROI and Beyond for the Cloud

Webinar Archives

White Papers

Ahead of the Curve: Accelerate Cyber Response with DNS Insights

All In, Online Gaming & Gambling

How to Compete in Financial Services IT

Universal Internet Connectivity: Reality or Myth?

Threat Intelligence Solutions: A SANS Review of Anomali ThreatStream

More White Papers

Cartoon

Post a Comment

Cartoon Archive

Current Issue

2020: The Year in Security

Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Assessing Cybersecurity Risk in Today's Enterprises

COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.

Download Now!

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

Building an Effective Cybersecurity Incident Response Team

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-28472
PUBLISHED: 2021-01-19

This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further ...

CVE-2020-28477
PUBLISHED: 2021-01-19

This affects all versions of package immer.

CVE-2020-28478
PUBLISHED: 2021-01-19

This affects the package gsap before 3.6.0.

CVE-2021-22850
PUBLISHED: 2021-01-19

HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.

CVE-2021-22851
PUBLISHED: 2021-01-19

HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]