You’ve Been Attacked. Now What?
10/23/2015The five steps you take in the first 48 hours after a breach will go a long way towards minimizing your organization’s exposure and liability.
Post a Comment
Author
Profile of Ryan Vela
Regional Director, Fidelis Cybersecurity News & Commentary Posts: 11Ryan Vela is a Regional Director for Fidelis Cybersecurity. He has 15-years' experience in conducting investigations and digital forensic analysis. Ryan served as a Strategic Planner at the Defense Computer Forensics Laboratory (DCFL), where he established plans for the laboratory to establish operational capabilities and achieve ISO accreditation. As an Investigative Lead, Ryan specializes in large-scale cyberbreach investigations, situational containment, digital forensics, network security, malware analysis, and security assessments, and has recently served as the lead investigator for one of the most current and largest breaches to date.
Articles by Ryan Vela
The five steps you take in the first 48 hours after a breach will go a long way towards minimizing your organization’s exposure and liability.
Post a Comment
Breach Defense Playbook: Cybersecurity Governance
6/25/2015Time to leave the island: Integrate cybersecurity into your risk management strategy.
Post a Comment
Breach Defense Playbook: Incident Response Readiness (Part 2)
6/24/2015Will your incident response plan work when a real-world situation occurs?
Post a Comment
Breach Defense Playbook: Incident Response Readiness (Part 1)
6/23/2015Will your incident response plan work when a real-world situation occurs?
Post a Comment
Breach Defense Playbook: Open Source Intelligence
6/22/2015Do you know what information out there is putting you at risk?
Post a Comment
Breach Defense Playbook: Reviewing Your Cybersecurity Program (Part 2)
6/18/2015Cybersecurity requires a combination of people, process, and technology in a coordinated implementation leveraging a defense-in-depth methodology.
Post a Comment
Breach Defense Playbook: Reviewing Your Cybersecurity Program (Part 1)
6/17/2015How does your cybersecurity program compare to your industry peers?
Post a Comment
Breach Defense Playbook: Hunting For Breach Indicators
6/11/2015Do you proactively hunt for malware on your network, or do you wait for your tools to tell you?
Post a Comment
Breach Defense Playbook: Assessing Your Security Controls
6/10/2015Do you include physical security as part of your cybersecurity risk management plan?
Post a Comment
Breach Defense Playbook: Assessing Your Cybersecurity Engineering
6/9/2015Is your cybersecurity infrastructure robust enough to defend against future attacks?
Post a Comment
Breach Defense Playbook
4/16/2015How to be smart about defending against your next attack.
Post a Comment
White Papers
Video
0 Comments
Current Issue
How to Cope with the IT Security Skills ShortageMost enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
![[Strategic Security Report] Navigating the Threat Intelligence Maze](https://dsimg.ubm-us.net/asset/393933/543593/DR_ThreatConnect_Report.png)
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
CVE-2016-10369NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
CVE-2016-8202unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
CVE-2016-8209A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
CVE-2017-0890Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This