Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Advertise

About Us

Author

Profile of Alon Nafta

Senior Security Researcher, SentinelOne

News & Commentary Posts: 1

Alon Nafta is a senior security engineer at SentinelOne, a provider of a next-generation endpoint protection technology. Prior to SentinelOne, Alon was responsible for security research and software engineering at server security vendor PrivateCore which was acquired by Facebook in 2014. He also served in an elite technology unit of the Israeli intelligence corps. Alon holds Bachelor degrees in Electrical Engineering and Physics, both from the Technion Israel, and a Masters in Electrical Engineering from Tel Aviv University.

Articles by Alon Nafta
posted in February 2015

How Malware Bypasses Our Most Advanced Security Measures

2/10/2015
We unpack three common attack vectors and five evasion detection techniques.
Post a Comment

Hot Topics

Editors' Choice

NSA Appoints Rob Joyce as Cyber Director

Dark Reading Staff 1/15/2021

Vulnerability Management Has a Data Problem

Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber, 1/14/2021

Who Is Responsible for Protecting Physical Security Systems From Cyberattacks?

IFSEC Global, Staff, 1/14/2021

Webinars

Protecting Your Enterprise's Intellectual Property

How Elite Analyst Teams are Transforming Security with Cyber Reconnaissance

Making Cybersecurity Work in Small and Medium-Sized Businesses

Webinar Archives

White Papers

How to Prioritize Risk Across the Cyberattack Surface

The Insecure State of Microsoft Teams Security

Cloud Connectivity -- Your Guide to the Network

Universal Internet Connectivity: Reality or Myth?

ROI Study: Economic Validation Report of the Anomali Threat Intelligence Platform

More White Papers

Cartoon

Post a Comment

Cartoon Archive

Current Issue

2020: The Year in Security

Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Assessing Cybersecurity Risk in Today's Enterprises

COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.

Download Now!

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

Building an Effective Cybersecurity Incident Response Team

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-3110
PUBLISHED: 2021-01-20

The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.

CVE-2020-35217
PUBLISHED: 2021-01-20

Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to p...

CVE-2021-23326
PUBLISHED: 2021-01-20

This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection.

CVE-2020-27852
PUBLISHED: 2021-01-20

A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).

CVE-2021-3137
PUBLISHED: 2021-01-20

XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]