Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Advertise

About Us

Author

Profile of Tom Webb

Incident Handler, SANS Internet Storm Center

Member Since: 5/27/2017
Author
News & Commentary Posts: 1
Comments: 0

Tom Webb is an incident handler for the SANS Internet Storm Center. He currently leads a team of six that perform incident response and forensics investigations and vulnerability management. He has 12 years dedicated to security. Tom holds several certs, including the GSE and CISSP.

Articles by Tom Webb

View Content By Month

How to Succeed at Incident Response Metrics

6/2/2017
Establishing a baseline of what information you need is an essential first step.
Post a Comment

Content by Month
June 2017 - 1
[close this box]

Hot Topics

Editors' Choice

COVID-19: Latest Security News & Commentary

Dark Reading Staff 9/21/2020

Hacking Yourself: Marie Moe and Pacemaker Security

Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning, 9/21/2020

Startup Aims to Map and Track All the IT and Security Things

Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/22/2020

Live Events

Webinars

Hear Microsoft, FedEx & VMware Speak @ Interop Digital

Network Automation Summit presented by Network to Code at Interop Digital

Earn (ISC)2 CPEs at Interop Digital, Oct 5-8

More Informa Tech Live Events

White Papers

[Forrester Research] The State of Data Security & Privacy

2020 Gartner Market Guide for Network Detection & Response

2020 SANS Cyber Threat Intelligence

How You Can Evaluate Your Org's Cybersecurity Readiness

Antigena Email: Building Immunity for Your Inbox

More White Papers

Cartoon

Latest Comment: Yes Mother I know I've been eating too many cookies again! You can stop talking about that now......

Cartoon Archive

Current Issue

Special Report: Computing's New Normal

This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How IT Security Organizations are Attacking the Cybersecurity Problem

The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.

Download Now!

Special Report: Understanding Your Cyber Attackers

0 comments

2020 State of Cybersecurity Operations and Incident Response

0 comments

The Changing Face of Threat Intelligence

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-5783
PUBLISHED: 2020-09-23

In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms.

CVE-2020-11031
PUBLISHED: 2020-09-23

In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library c...

CVE-2020-5781
PUBLISHED: 2020-09-23

In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users.

CVE-2020-5782
PUBLISHED: 2020-09-23

In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the â€&tilde;wan_typeâ€™ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection.

CVE-2020-24213
PUBLISHED: 2020-09-23

An integer overflow was discovered in YGOPro ygocore v13.51. Attackers can use it to leak the game server thread's memory.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]