Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security

Authentication

Mobile

Privacy

Compliance

Identity & Access Management

Security Monitoring

Advanced Threats

Insider Threats

Vulnerability Management

To InformationWeek

Network Computing Dark Reading

Advertise

Author

Profile of Dimitri Sirota

Founder & CEO of BigID

Member Since: 3/13/2017
Author
News & Commentary Posts: 3
Comments: 0

Dimitri Sirota is a 10+ year privacy expert and identity veteran. He is CEO and cofounder of data protection and privacy software company BigID. Prior to starting BigID, Dimitri founded two enterprise software companies focused on security (eTunnels) and API management (Layer 7 Technologies), which was sold to CA Technologies in 2013.

Articles by Dimitri Sirota

View Content By Month

Data Privacy Protections for the Most Vulnerable — Children

10/17/2019
The business case for why companies that respect the privacy of individuals, and especially minors, will have a strong competitive advantage.
Post a Comment

The Right to Be Forgotten & the New Era of Personal Data Rights

7/27/2017
Because of the European Union's GDPR and other pending legislation, companies must become more transparent in how they protect their customers' data.
Post a Comment

Privacy Babel: Making Sense of Global Privacy Regulations

3/29/2017
Countries around the world are making their own privacy laws. How can a global company possibly keep up?
Post a Comment

Editors' Choice

I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned

Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, 11/19/2019

6 Top Nontechnical Degrees for Cybersecurity

Curtis Franklin Jr., Senior Editor at Dark Reading, 11/21/2019

Anatomy of a BEC Scam

Kelly Jackson Higgins, Executive Editor at Dark Reading, 11/21/2019

Live Events

Webinars

[Video] Shaping the Future of IT CIO Lightning Series - Interop19

[Video] An (Ir)rational Approach to Interoperability - Interop19

Get Insights: Cisco vs Microsoft & More at EC20 Orlando

More Informa Tech Live Events

White Papers

[Dark Reading Tech Digest] Navigating the Deluge of Security Data

Tech Digest: How to Get Started with Emerging Tech

[Infographic] Are You Maximizing Value of the Cloud?

2019 State of DevOps

The Silent Threat: Third Party Cyber Risk

More White Papers

Video

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: "I think this year's Cybersecurity Awareness Campaign is too much! I'll clean up after a cyber incident, but I will not clean up after a ...

Cartoon Archive

Current Issue

Navigating the Deluge of Security Data

In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Rethinking Enterprise Data Defense

Rethinking Enterprise Data Defense

Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.

Download Now!

Assessing Cybersecurity Risk in Today's Enterprise

2019 Online Malware and Threats

The State of IT Operations and Cybersecurity Operations

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Dark Reading - Bug Report

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-3654
PUBLISHED: 2019-11-22

Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be gener...

CVE-2014-2214
PUBLISHED: 2019-11-22

Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 through 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id parameter to portal/openrssarticle.php

CVE-2014-6310
PUBLISHED: 2019-11-22

Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.

CVE-2014-6311
PUBLISHED: 2019-11-22

generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.

CVE-2019-16763
PUBLISHED: 2019-11-22

In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs (or vbscript:), allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if ...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]