Boosting Security Effectiveness with 'Adjuvants'
5/17/2018How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
Post a Comment
Author
Profile of Raymond Pompon
Principal Threat Research Evangelist at F5 Networks News & Commentary Posts: 24Raymond Pompon is a Principal Threat Researcher Evangelist with F5 labs. With over 20 years of experience in Internet security, he has worked closely with Federal law enforcement in cyber-crime investigations. He has recently written IT Security Risk Control Management: An Audit Preparation Plan from Apress books.
Articles by Raymond Pompon
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
Post a Comment
4 Critical Applications and How to Protect Them
5/3/2018Since critical apps are, well, critical, security teams must take preventive measures to keep attackers from exploiting their vulnerabilities.
Post a Comment
Journey to the Cloud: Overcoming Security Risks
3/1/2018Lessons learned from a global consultancy's 10-year transition from on-premises to 99% cloud-based infrastructure.
Post a Comment
Security Liability in an 'Assume Breach' World
2/22/2018Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.
Post a Comment
Avoiding the Epidemic of Hospital Hacks
1/25/2018Lessons learned about cyber hygiene from inside one of America's highest ranked medical institutions.
Post a Comment
The Startup Challenge: Safe in the Cloud from Day One
1/18/2018How a Seattle travel company built a rock-solid mobile app without sacrificing performance or security.
Post a Comment
Be a More Effective CISO by Aligning Security to the Business
12/21/2017These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
Post a Comment
Is a Good Offense the Best Defense Against Hackers?
12/14/2017A proposed new law could make it legal for companies to hack back against attacker. But will it work?
Post a Comment
Why Third-Party Security Is your Security
12/7/2017Managing third-party risk isn't just a good idea, in many cases, it's the law. This security framework can help you minimize the threat.
Post a Comment
'Goldilocks' Legislation Aims to Clean up IoT Security
11/9/2017The proposed Internet of Things Cybersecurity Improvement Act of 2017 is not too hard, not too soft, and might be just right.
Post a Comment
5 Reasons CISOs Should Keep an Open Mind about Cryptocurrency
11/2/2017With untold new markets for Bitcoin and other 'alt-coins,' it's going to be an exciting future -- and security leaders need to get ready for it.
Post a Comment
6 Steps to Finding Honey in the OWASP
10/12/2017The most famous project of the Open Web Application Security Project is getting an update. Here's what you need to know, and how you can get involved.
Post a Comment
URL Obfuscation: Still a Phisher's Phriend
10/5/2017There are three primary techniques to trick users into thinking a website link is real: URL shorteners, URL doppelgangers, and URL redirects.
Post a Comment
Where Do Security Vulnerabilities Come From?
9/22/2017There are three major causes: code quality, complexity, and trusted data inputs.
Post a Comment
CIO or C-Suite: To Whom Should the CISO Report?
9/7/2017Five reasons why the chief information security officer needs to get out from under the control of IT.
Post a Comment
Phishing for Your Information: How Phishers Bait Their Hooks
8/31/2017A treasure trove of PII from social networks and the public Internet is there for the taking.
Post a Comment
How to Avoid the 6 Most Common Audit Failures
8/17/2017In a security audit, the burden is on you to provide the evidence that you’ve done the right things.
Post a Comment
6 Ways CISOs Can Play a Role in Selling Security
8/10/2017When customers ask tough questions about data security, business service resilience, privacy, regulatory, and reputational risk it’s best to remain upbeat and positive. Here’s how.
Post a Comment
Can Your Risk Assessment Stand Up Under Scrutiny?
7/27/2017Weak risk assessments have gotten a pass up until now, but that may be changing.
Post a Comment
Doxing, DoS & Defacement: Today’s Mainstream Hacktivism Tools
6/29/2017Anyone can get angry at you and become a hacktivist. Here’s how to protect your organization from these increasingly common cyber attacks.
Post a Comment
Talking Cyber-Risk with Executives
6/23/2017Explaining risk can be difficult since CISOs and execs don’t speak the same language. The key is to tailor your message for the audience.
Post a Comment
Will Deception as a Defense Become Mainstream?
6/8/2017If your organization has the right resources, deception strategies offer a powerful way to slow down and entrap potential intruders.
Post a Comment
DNS Is Still the Achilles’ Heel of the Internet
6/1/2017Domain Name Services is too important to do without, so we better make sure it’s reliable and incorruptible
Post a Comment
White Papers
Video
3 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-17906
PUBLISHED: 2018-11-19
PUBLISHED: 2018-11-19
PUBLISHED: 2018-11-19
PUBLISHED: 2018-11-19
PUBLISHED: 2018-11-19
From DHS/US-CERT's National Vulnerability Database CVE-2018-17906
PUBLISHED: 2018-11-19
Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.
CVE-2018-9209PUBLISHED: 2018-11-19
Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2
CVE-2018-9207PUBLISHED: 2018-11-19
Arbitrary file upload in jQuery Upload File <= 4.0.2
CVE-2018-15759PUBLISHED: 2018-11-19
Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perfo...
CVE-2018-15761PUBLISHED: 2018-11-19
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This