Boosting Security Effectiveness with 'Adjuvants'
5/17/2018How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
Post a Comment
Author
Profile of Raymond Pompon
Principal Threat Research Evangelist at F5 Networks News & Commentary Posts: 24Raymond Pompon is a Principal Threat Researcher Evangelist with F5 labs. With over 20 years of experience in Internet security, he has worked closely with Federal law enforcement in cyber-crime investigations. He has recently written IT Security Risk Control Management: An Audit Preparation Plan from Apress books.
Articles by Raymond Pompon
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
Post a Comment
4 Critical Applications and How to Protect Them
5/3/2018Since critical apps are, well, critical, security teams must take preventive measures to keep attackers from exploiting their vulnerabilities.
Post a Comment
Journey to the Cloud: Overcoming Security Risks
3/1/2018Lessons learned from a global consultancy's 10-year transition from on-premises to 99% cloud-based infrastructure.
Post a Comment
Security Liability in an 'Assume Breach' World
2/22/2018Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.
Post a Comment
Avoiding the Epidemic of Hospital Hacks
1/25/2018Lessons learned about cyber hygiene from inside one of America's highest ranked medical institutions.
Post a Comment
The Startup Challenge: Safe in the Cloud from Day One
1/18/2018How a Seattle travel company built a rock-solid mobile app without sacrificing performance or security.
Post a Comment
Be a More Effective CISO by Aligning Security to the Business
12/21/2017These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
Post a Comment
Is a Good Offense the Best Defense Against Hackers?
12/14/2017A proposed new law could make it legal for companies to hack back against attacker. But will it work?
Post a Comment
Why Third-Party Security Is your Security
12/7/2017Managing third-party risk isn't just a good idea, in many cases, it's the law. This security framework can help you minimize the threat.
Post a Comment
'Goldilocks' Legislation Aims to Clean up IoT Security
11/9/2017The proposed Internet of Things Cybersecurity Improvement Act of 2017 is not too hard, not too soft, and might be just right.
Post a Comment
5 Reasons CISOs Should Keep an Open Mind about Cryptocurrency
11/2/2017With untold new markets for Bitcoin and other 'alt-coins,' it's going to be an exciting future -- and security leaders need to get ready for it.
Post a Comment
6 Steps to Finding Honey in the OWASP
10/12/2017The most famous project of the Open Web Application Security Project is getting an update. Here's what you need to know, and how you can get involved.
Post a Comment
URL Obfuscation: Still a Phisher's Phriend
10/5/2017There are three primary techniques to trick users into thinking a website link is real: URL shorteners, URL doppelgangers, and URL redirects.
Post a Comment
Where Do Security Vulnerabilities Come From?
9/22/2017There are three major causes: code quality, complexity, and trusted data inputs.
Post a Comment
CIO or C-Suite: To Whom Should the CISO Report?
9/7/2017Five reasons why the chief information security officer needs to get out from under the control of IT.
Post a Comment
Phishing for Your Information: How Phishers Bait Their Hooks
8/31/2017A treasure trove of PII from social networks and the public Internet is there for the taking.
Post a Comment
How to Avoid the 6 Most Common Audit Failures
8/17/2017In a security audit, the burden is on you to provide the evidence that you’ve done the right things.
Post a Comment
6 Ways CISOs Can Play a Role in Selling Security
8/10/2017When customers ask tough questions about data security, business service resilience, privacy, regulatory, and reputational risk it’s best to remain upbeat and positive. Here’s how.
Post a Comment
Can Your Risk Assessment Stand Up Under Scrutiny?
7/27/2017Weak risk assessments have gotten a pass up until now, but that may be changing.
Post a Comment
Doxing, DoS & Defacement: Today’s Mainstream Hacktivism Tools
6/29/2017Anyone can get angry at you and become a hacktivist. Here’s how to protect your organization from these increasingly common cyber attacks.
Post a Comment
Talking Cyber-Risk with Executives
6/23/2017Explaining risk can be difficult since CISOs and execs don’t speak the same language. The key is to tailor your message for the audience.
Post a Comment
Will Deception as a Defense Become Mainstream?
6/8/2017If your organization has the right resources, deception strategies offer a powerful way to slow down and entrap potential intruders.
Post a Comment
DNS Is Still the Achilles’ Heel of the Internet
6/1/2017Domain Name Services is too important to do without, so we better make sure it’s reliable and incorruptible
Post a Comment
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "This is our most effective security awareness training tool yet!"
Latest Comment: "This is our most effective security awareness training tool yet!"
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-11763
PUBLISHED: 2018-09-25
PUBLISHED: 2018-09-25
PUBLISHED: 2018-09-25
PUBLISHED: 2018-09-25
PUBLISHED: 2018-09-25
From DHS/US-CERT's National Vulnerability Database CVE-2018-11763
PUBLISHED: 2018-09-25
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
CVE-2018-14634PUBLISHED: 2018-09-25
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerabl...
CVE-2018-1664PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. ...
CVE-2018-1669PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote atta...
CVE-2018-1539PUBLISHED: 2018-09-25
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This