Boosting Security Effectiveness with 'Adjuvants'
5/17/2018How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
Post a Comment
Author
Profile of Raymond Pompon
Principal Threat Research Evangelist at F5 Networks News & Commentary Posts: 24Raymond Pompon is a Principal Threat Researcher Evangelist with F5 labs. With over 20 years of experience in Internet security, he has worked closely with Federal law enforcement in cyber-crime investigations. He has recently written IT Security Risk Control Management: An Audit Preparation Plan from Apress books.
Articles by Raymond Pompon
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
Post a Comment
4 Critical Applications and How to Protect Them
5/3/2018Since critical apps are, well, critical, security teams must take preventive measures to keep attackers from exploiting their vulnerabilities.
Post a Comment
Journey to the Cloud: Overcoming Security Risks
3/1/2018Lessons learned from a global consultancy's 10-year transition from on-premises to 99% cloud-based infrastructure.
Post a Comment
Security Liability in an 'Assume Breach' World
2/22/2018Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.
Post a Comment
Avoiding the Epidemic of Hospital Hacks
1/25/2018Lessons learned about cyber hygiene from inside one of America's highest ranked medical institutions.
Post a Comment
The Startup Challenge: Safe in the Cloud from Day One
1/18/2018How a Seattle travel company built a rock-solid mobile app without sacrificing performance or security.
Post a Comment
Be a More Effective CISO by Aligning Security to the Business
12/21/2017These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
Post a Comment
Is a Good Offense the Best Defense Against Hackers?
12/14/2017A proposed new law could make it legal for companies to hack back against attacker. But will it work?
Post a Comment
Why Third-Party Security Is your Security
12/7/2017Managing third-party risk isn't just a good idea, in many cases, it's the law. This security framework can help you minimize the threat.
Post a Comment
'Goldilocks' Legislation Aims to Clean up IoT Security
11/9/2017The proposed Internet of Things Cybersecurity Improvement Act of 2017 is not too hard, not too soft, and might be just right.
Post a Comment
5 Reasons CISOs Should Keep an Open Mind about Cryptocurrency
11/2/2017With untold new markets for Bitcoin and other 'alt-coins,' it's going to be an exciting future -- and security leaders need to get ready for it.
Post a Comment
6 Steps to Finding Honey in the OWASP
10/12/2017The most famous project of the Open Web Application Security Project is getting an update. Here's what you need to know, and how you can get involved.
Post a Comment
URL Obfuscation: Still a Phisher's Phriend
10/5/2017There are three primary techniques to trick users into thinking a website link is real: URL shorteners, URL doppelgangers, and URL redirects.
Post a Comment
Where Do Security Vulnerabilities Come From?
9/22/2017There are three major causes: code quality, complexity, and trusted data inputs.
Post a Comment
CIO or C-Suite: To Whom Should the CISO Report?
9/7/2017Five reasons why the chief information security officer needs to get out from under the control of IT.
Post a Comment
Phishing for Your Information: How Phishers Bait Their Hooks
8/31/2017A treasure trove of PII from social networks and the public Internet is there for the taking.
Post a Comment
How to Avoid the 6 Most Common Audit Failures
8/17/2017In a security audit, the burden is on you to provide the evidence that you’ve done the right things.
Post a Comment
6 Ways CISOs Can Play a Role in Selling Security
8/10/2017When customers ask tough questions about data security, business service resilience, privacy, regulatory, and reputational risk it’s best to remain upbeat and positive. Here’s how.
Post a Comment
Can Your Risk Assessment Stand Up Under Scrutiny?
7/27/2017Weak risk assessments have gotten a pass up until now, but that may be changing.
Post a Comment
Doxing, DoS & Defacement: Today’s Mainstream Hacktivism Tools
6/29/2017Anyone can get angry at you and become a hacktivist. Here’s how to protect your organization from these increasingly common cyber attacks.
Post a Comment
Talking Cyber-Risk with Executives
6/23/2017Explaining risk can be difficult since CISOs and execs don’t speak the same language. The key is to tailor your message for the audience.
Post a Comment
Will Deception as a Defense Become Mainstream?
6/8/2017If your organization has the right resources, deception strategies offer a powerful way to slow down and entrap potential intruders.
Post a Comment
DNS Is Still the Achilles’ Heel of the Internet
6/1/2017Domain Name Services is too important to do without, so we better make sure it’s reliable and incorruptible
Post a Comment
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2016-10743
PUBLISHED: 2019-03-23
PUBLISHED: 2019-03-23
PUBLISHED: 2019-03-23
PUBLISHED: 2019-03-23
PUBLISHED: 2019-03-23
From DHS/US-CERT's National Vulnerability Database CVE-2016-10743
PUBLISHED: 2019-03-23
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
CVE-2019-9947PUBLISHED: 2019-03-23
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) follo...
CVE-2019-9948PUBLISHED: 2019-03-23
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
CVE-2019-9945PUBLISHED: 2019-03-23
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user...
CVE-2019-9942PUBLISHED: 2019-03-23
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This