4 Proactive Steps to Avoid Being the Next Data Breach Victim
11/7/2017Despite highly publicized data breaches, most companies are not taking the necessary actions to prevent them.
Post a Comment
Author
Profile of Joshua Bevitz
Partner at Newmeyer & Dillion Member Since: 10/26/2017Author
News & Commentary Posts: 1
Comments: 0
A partner in Newmeyer & Dillion's Walnut Creek office, Joshua Bevitz has experience practicing in a wide range of legal specialties, including cybersecurity, civil litigation, real estate litigation, construction litigation, insurance litigation, professional liability defense, personal injury defense, transportation law, admiralty law, international law, and criminal law. Joshua also worked for the US Department of Justice, Criminal Division, Office of International Affairs in Washington, DC.
Articles by Joshua Bevitz
Despite highly publicized data breaches, most companies are not taking the necessary actions to prevent them.
Post a Comment
White Papers
Video
3 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I spy, you spy, we all spy...a spy...
Latest Comment: I spy, you spy, we all spy...a spy...
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-19367
PUBLISHED: 2018-11-20
PUBLISHED: 2018-11-20
PUBLISHED: 2018-11-20
PUBLISHED: 2018-11-20
PUBLISHED: 2018-11-19
From DHS/US-CERT's National Vulnerability Database CVE-2018-19367
PUBLISHED: 2018-11-20
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.
CVE-2018-19335PUBLISHED: 2018-11-20
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.
CVE-2018-19334PUBLISHED: 2018-11-20
Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports.
CVE-2018-10099PUBLISHED: 2018-11-20
Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports.
CVE-2018-17906PUBLISHED: 2018-11-19
Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This