Advertise

Author

Profile of Lance Dubsky

CISSP, CISM

News & Commentary Posts: 2

Lance Dubsky, CISSP, CISM, is Chief Security Strategist, Americas, at FireEye and has over two decades of experience planning, building and implementing large information security programs. Before joining FireEye, he served as the Chief Information Security Officer at two U.S. Intelligence Agencies where he led global information security programs. Lance drove transformations in risk management, security engineering, space security assurance and security operations. Earlier in his career he worked as an independent consultant advising public sector clients and he is a veteran of the U.S. Air Force. He holds a B.S. in Information Systems from the University of Maryland and a M.A. from Creighton University in International Relations.

Articles by Lance Dubsky, CISSP, CISM

View Content By Month

Diagnosis SOC-atrophy: What To Do When Your Security Operation Center Gets Sick

7/6/2016
Whether it’s due to lack of attention, poor capital planning or alert fatigue, there are lots of reasons why an SOC can become unhealthy. Here’s how to make it better.
Post a Comment

The Balancing Act: Government Security In The Cloud

5/4/2016
The cloud offers great opportunities and challenges to public sector security teams defending critical systems against advanced threats. These 7 strategies will help you avoid a worst-case scenario.
Post a Comment

Hot Topics

Editors' Choice

WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication

John Fontana, Standards & Identity Analyst, Yubico, 9/19/2018

Turn the NIST Cybersecurity Framework into Reality: 5 Steps

Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, 9/20/2018

NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO

Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/19/2018

Live Events

Webinars

More UBM Tech
Live Events

Build Your Communications & Collaboration Future

Enterprise Connect Orlando 2019 Registration is Open!

White Papers

Build the Best IT Budget for 2019

2018 Security Report

2017 Actionable Threat Intelligence Survey

Threat Intelligence: A Guide to Selection and Use

Cybersecurity Beyond the Network Reach

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

The Biggest Cybersecurity Breaches of 2018 (So Far)

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The Risk Management Struggle

The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!

Download Now!

How Data Breaches Affect the Enterprise

0 comments

The State of IT and Cybersecurity

0 comments

[Strategic Security Report] Navigating the Threat Intelligence Maze

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-17283
PUBLISHED: 2018-09-21

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Inject...

CVE-2018-17282
PUBLISHED: 2018-09-20

An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.

CVE-2018-14592
PUBLISHED: 2018-09-20

The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.

CVE-2018-15832
PUBLISHED: 2018-09-20

upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI ha...

CVE-2018-16282
PUBLISHED: 2018-09-20

A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.

Terms of Service
Privacy Statement
Legal Entities

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]