Making the Case for a Cybersecurity Moon Shot
2/19/2019There are severe and unsolved problems in our industry that justify a sustained effort and substantial investment. It's worth picking one.
Post a Comment
Author
Profile of Adam Shostack
Consultant, Entrepreneur, Technologist, Game Designer News & Commentary Posts: 14Adam is a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board and helped create the CVE and many other things. He currently helps organizations improve their security via Shostack & Associates, and advises startups as a Mach37 Star Mentor. While at Microsoft, Adam drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. He is the author of "Threat Modeling: Designing for Security," and the co-author of "The New School of Information Security."
Articles by Adam Shostack
There are severe and unsolved problems in our industry that justify a sustained effort and substantial investment. It's worth picking one.
Post a Comment
'EFAIL' Is Why We Can’t Have Golden Keys
6/5/2018A deep dive into the issues surrounding an HTML email attack.
Post a Comment
Risky Business: Deconstructing Ray Ozzie's Encryption Backdoor
5/10/2018With the addition of secure enclaves, secure boot, and related features of "Clear," the only ones that will be able to test this code are Apple, well-resourced nations, and vendors who sell jailbreaks.
Post a Comment
The Critical Difference Between Vulnerabilities Equities & Threat Equities
11/30/2017Why the government has an obligation to share its knowledge of flaws in software and hardware to strengthen digital infrastructure in the face of growing cyberthreats.
Post a Comment
CISO Security ‘Portfolios’ Vs. Reporting Structures
8/23/2016Organizational structure is a tool for driving action. Worrying about your boss’s title won’t help you as much as a better communication framework.
Post a Comment
Security Portfolios: A Different Approach To Leadership
8/11/2016How grounding a conversation around a well-organized list of controls and their goals can help everyone be, literally, on the same page.
Post a Comment
Security Lessons from My Financial Planner
6/24/2016Security investments can be viewed as a portfolio. If we think in portfolio terms, we realize that ROI is a backwards-looking measure. What else can we learn from financial planners?
Post a Comment
Revealing Lessons About Vulnerability Research
6/10/2016It’s not clear why a dozen FBI agents showed up at a security researcher’s door last month but as cyber becomes more a factor in product safety, our judicial system needs to get a better grasp on who the real criminals are.
Post a Comment
Security Lessons from C-3PO, Former CSO of the Millennium Falcon
4/21/2016The business will take risks. When and how to speak up.
Post a Comment
CAs Need To Force Rules Around Trust
4/4/2016Google Symantec flap reveals worrisome weakness in the CA system.
Post a Comment
Security Lessons From My Stock Broker
3/17/2016Or, how to lie with metrics.
Post a Comment
Security Lessons From “The Gluten Lie”
3/10/2016How faith healers and security vendors have learned what lies work.
Post a Comment
Security Lessons From My Doctor
2/25/2016Why it’s hard to change risky habits like weak passwords and heavy smoking, even when advice is clear.
Post a Comment
Security Lessons From My Car Mechanic
2/18/2016What an unlocked oil pan taught me about me about the power of two-way communication between security pros and the organizations they serve.
Post a Comment
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-9962
PUBLISHED: 2019-03-24
PUBLISHED: 2019-03-24
PUBLISHED: 2019-03-24
PUBLISHED: 2019-03-24
PUBLISHED: 2019-03-24
From DHS/US-CERT's National Vulnerability Database CVE-2019-9962
PUBLISHED: 2019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy.
CVE-2019-9963PUBLISHED: 2019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap.
CVE-2019-9964PUBLISHED: 2019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey.
CVE-2019-9965PUBLISHED: 2019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap.
CVE-2019-9966PUBLISHED: 2019-03-24
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This