Boosting Security Effectiveness with 'Adjuvants'
5/17/2018How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
Post a Comment
Author
Profile of Raymond Pompon
Principal Threat Research Evangelist at F5 Networks News & Commentary Posts: 24Raymond Pompon is a Principal Threat Researcher Evangelist with F5 labs. With over 20 years of experience in Internet security, he has worked closely with Federal law enforcement in cyber-crime investigations. He has recently written IT Security Risk Control Management: An Audit Preparation Plan from Apress books.
Articles by Raymond Pompon
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
Post a Comment
4 Critical Applications and How to Protect Them
5/3/2018Since critical apps are, well, critical, security teams must take preventive measures to keep attackers from exploiting their vulnerabilities.
Post a Comment
Journey to the Cloud: Overcoming Security Risks
3/1/2018Lessons learned from a global consultancy's 10-year transition from on-premises to 99% cloud-based infrastructure.
Post a Comment
Security Liability in an 'Assume Breach' World
2/22/2018Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.
Post a Comment
Avoiding the Epidemic of Hospital Hacks
1/25/2018Lessons learned about cyber hygiene from inside one of America's highest ranked medical institutions.
Post a Comment
The Startup Challenge: Safe in the Cloud from Day One
1/18/2018How a Seattle travel company built a rock-solid mobile app without sacrificing performance or security.
Post a Comment
Be a More Effective CISO by Aligning Security to the Business
12/21/2017These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
Post a Comment
Is a Good Offense the Best Defense Against Hackers?
12/14/2017A proposed new law could make it legal for companies to hack back against attacker. But will it work?
Post a Comment
Why Third-Party Security Is your Security
12/7/2017Managing third-party risk isn't just a good idea, in many cases, it's the law. This security framework can help you minimize the threat.
Post a Comment
'Goldilocks' Legislation Aims to Clean up IoT Security
11/9/2017The proposed Internet of Things Cybersecurity Improvement Act of 2017 is not too hard, not too soft, and might be just right.
Post a Comment
5 Reasons CISOs Should Keep an Open Mind about Cryptocurrency
11/2/2017With untold new markets for Bitcoin and other 'alt-coins,' it's going to be an exciting future -- and security leaders need to get ready for it.
Post a Comment
6 Steps to Finding Honey in the OWASP
10/12/2017The most famous project of the Open Web Application Security Project is getting an update. Here's what you need to know, and how you can get involved.
Post a Comment
URL Obfuscation: Still a Phisher's Phriend
10/5/2017There are three primary techniques to trick users into thinking a website link is real: URL shorteners, URL doppelgangers, and URL redirects.
Post a Comment
Where Do Security Vulnerabilities Come From?
9/22/2017There are three major causes: code quality, complexity, and trusted data inputs.
Post a Comment
CIO or C-Suite: To Whom Should the CISO Report?
9/7/2017Five reasons why the chief information security officer needs to get out from under the control of IT.
Post a Comment
Phishing for Your Information: How Phishers Bait Their Hooks
8/31/2017A treasure trove of PII from social networks and the public Internet is there for the taking.
Post a Comment
How to Avoid the 6 Most Common Audit Failures
8/17/2017In a security audit, the burden is on you to provide the evidence that you’ve done the right things.
Post a Comment
6 Ways CISOs Can Play a Role in Selling Security
8/10/2017When customers ask tough questions about data security, business service resilience, privacy, regulatory, and reputational risk it’s best to remain upbeat and positive. Here’s how.
Post a Comment
Can Your Risk Assessment Stand Up Under Scrutiny?
7/27/2017Weak risk assessments have gotten a pass up until now, but that may be changing.
Post a Comment
Doxing, DoS & Defacement: Today’s Mainstream Hacktivism Tools
6/29/2017Anyone can get angry at you and become a hacktivist. Here’s how to protect your organization from these increasingly common cyber attacks.
Post a Comment
Talking Cyber-Risk with Executives
6/23/2017Explaining risk can be difficult since CISOs and execs don’t speak the same language. The key is to tailor your message for the audience.
Post a Comment
Will Deception as a Defense Become Mainstream?
6/8/2017If your organization has the right resources, deception strategies offer a powerful way to slow down and entrap potential intruders.
Post a Comment
DNS Is Still the Achilles’ Heel of the Internet
6/1/2017Domain Name Services is too important to do without, so we better make sure it’s reliable and incorruptible
Post a Comment
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
![[Strategic Security Report] Navigating the Threat Intelligence Maze](https://dsimg.ubm-us.net/asset/393933/543593/DR_ThreatConnect_Report.png)
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-11487
PUBLISHED: 2018-05-26
PUBLISHED: 2018-05-25
PUBLISHED: 2018-05-25
PUBLISHED: 2018-05-25
PUBLISHED: 2018-05-25
From DHS/US-CERT's National Vulnerability Database CVE-2018-11487
PUBLISHED: 2018-05-26
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.
CVE-2018-11471PUBLISHED: 2018-05-25
Cockpit 0.5.5 has XSS via a collection, form, or region.
CVE-2018-11472PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
CVE-2018-11473PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
CVE-2018-11474PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This