Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security

Authentication

Mobile

Privacy

Compliance

Identity & Access Management

Security Monitoring

Advanced Threats

Insider Threats

Vulnerability Management

Network Computing Dark Reading

Advertise

About Us

Author

Profile of Uri Rivner

Co-Founder, Head of Cyber Strategy, BioCatch

Member Since: 12/9/2015
Author
News & Commentary Posts: 1
Comments: 1

Uri Rivner, Co-Founder and Head of Cyber Strategy at BioCatch is recognized globally as an industry expert on cybercrime and advanced threats. He is a regular speaker in the leading security and cyber conferences, and writes a cyber-security blog read by thousands of professionals. Prior to joining BioCatch he served as Head of New Technologies, Identity Protection at RSA. Over the years Uri worked closely with the world's largest financial institutions on developing solutions against online crime, Phishing and Trojans, and helped other industry verticals establish an effective defense doctrine against advanced cyber threats. He was a key player in developing anti-cybercrime technologies used today by thousands of organizations worldwide to stop billions of dollars in fraud each year and protect hundreds of millions of users.

Articles by Uri Rivner

View Content By Month

When RATs Become a Social Engineer’s Best Friend

12/18/2015
Hacking humans in the banking industry through rogue help desks is becoming a significant problem.
Post a Comment

Content by Month
December 2015 - 1
[close this box]

Hot Topics

Editors' Choice

44% of Security Threats Start in the Cloud

Kelly Sheridan, Staff Editor, Dark Reading, 2/19/2020

Zero-Factor Authentication: Owning Our Data

Nick Selby, Chief Security Officer at Paxos Trust Company, 2/19/2020

Firms Improve Threat Detection but Face Increasingly Disruptive Attacks

Robert Lemos, Contributing Writer, 2/20/2020

Live Events

Webinars

March 16-19, 2020: Data Center World Registration is open! Join Us

Data Center World: The leading conference & expo for Data Center and IT Infrastructure Professionals. Register Today!

Get Insights: Cisco vs Microsoft & More at EC20 Orlando

More Informa Tech Live Events

White Papers

Let's Talk: Why Language Matters in Cybersecurity

6 Emerging Cyber Threats That Enterprises Face in 2020

Digital Transformation Built on the Cloud

Cisco Cybersecurity Series 2019: Threat Report

Are SAST Tools Glorified Grep?

More White Papers

Video

All Videos

Cartoon

Latest Comment: He said XP and 7 are both insecure? And Server 2003 and 2008 also? Can't have him saying those things! We don't have any ...

Cartoon Archive

Current Issue

6 Emerging Cyber Threats That Enterprises Face in 2020

This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Developing and Maintaining Secure Applications

The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.

Download Now!

How Enterprises are Attacking the Cybersecurity Problem

0 comments

How Data Breaches affect the Enterprise

0 comments

Rethinking Enterprise Data Defense

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-9351
PUBLISHED: 2020-02-23

An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the a...

CVE-2020-9352
PUBLISHED: 2020-02-23

An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter.

CVE-2020-9353
PUBLISHED: 2020-02-23

An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML ...

CVE-2020-9354
PUBLISHED: 2020-02-23

An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. pat...

CVE-2020-9355
PUBLISHED: 2020-02-23

danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]