The Apple App Store Incident: Trouble in Paradise?
1/22/2016The fact that Apple’s security model has worked so well in the past doesn’t mean it will work well forever. Here’s why.
Post a Comment
Author
Profile of Paul Drapeau
Principal Security Researcher, Confer Member Since: 11/3/2014Author
News & Commentary Posts: 2
Comments: 0
Paul Drapeau is a Principal Security Researcher for Confer, which offers endpoint and server security via an open, threat-based, collaborative platform. Prior to joining Confer he led IT security for a public, global pharmaceutical research-and-development organization. He is an active member of the security community and has spoken at many security and other industry conferences including DEF CON and Infosec World. Paul has served as a volunteer organizer and ran the CTF competitions at Security BSides Boston in 2013 and 2014. He holds a Bachelor's degree in computer science from URI and various security certifications.
Articles by Paul Drapeau
The fact that Apple’s security model has worked so well in the past doesn’t mean it will work well forever. Here’s why.
Post a Comment
Stop Trusting Signed Malware: 3 Steps
11/7/2014Cybercriminals who manipulate valid signatures and certificates to get malware into an organization is a more common tactic than you think.
Post a Comment
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Despite Bob's best efforts, the phishing emails still found him.
Latest Comment: Despite Bob's best efforts, the phishing emails still found him.
Current Issue
Flash Poll
![[Strategic Security Report] Navigating the Threat Intelligence Maze](https://dsimg.ubm-us.net/asset/393933/543593/DR_ThreatConnect_Report.png)
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2017-14185
PUBLISHED: 2018-05-25
PUBLISHED: 2018-05-25
PUBLISHED: 2018-05-25
PUBLISHED: 2018-05-25
PUBLISHED: 2018-05-25
From DHS/US-CERT's National Vulnerability Database CVE-2017-14185
PUBLISHED: 2018-05-25
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal.
CVE-2018-8862PUBLISHED: 2018-05-25
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.
CVE-2018-8864PUBLISHED: 2018-05-25
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.
CVE-2018-8871PUBLISHED: 2018-05-25
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.
CVE-2017-9641PUBLISHED: 2018-05-25
PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This