Tackling Supply Chain Threats
10/24/2018Vendor-supplied malware is a threat that has been largely overlooked. That has to change.
Post a Comment
Author
Profile of Ang Cui
Founder & CEO, Red Balloon Security Member Since: 3/21/2018Author
News & Commentary Posts: 2
Comments: 0
Dr. Ang Cui is the founder and CEO of Red Balloon Security in New York City, and a PI on DARPA LADS, as well as various other government agency funded research efforts. Dr. Cui is the inventor of Symbiote, a firmware defense technology for embedded devices, and FRAK, a firmware analysis and modification tool. He has transitioned a number of security technologies into commercial products including Symbiote. Dr. Cui has received numerous awards for his work reverse engineering commercial devices and was selected as a DARPA Riser in 2015. Dr. Cui received his Ph.D. in computer science from Columbia University in 2015.
Articles by Ang Cui
Vendor-supplied malware is a threat that has been largely overlooked. That has to change.
Post a Comment
The Overlooked Problem of 'N-Day' Vulnerabilities
3/26/2018N-days -- or known vulnerabilities -- are a goldmine for attackers of industrial control systems. It's time for a new defense strategy.
Post a Comment
White Papers
Video
1 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Ben saw that management takes locked-down situations very seriously.
Latest Comment: Ben saw that management takes locked-down situations very seriously.
Current Issue
Building and Managing an IT Security Operations ProgramAs cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
How Enterprises Are Developing Secure Applications
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-10855
PUBLISHED: 2019-05-23
PUBLISHED: 2019-05-23
PUBLISHED: 2019-05-23
PUBLISHED: 2019-05-23
PUBLISHED: 2019-05-23
From DHS/US-CERT's National Vulnerability Database CVE-2019-10855
PUBLISHED: 2019-05-23
Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database.
CVE-2019-10866PUBLISHED: 2019-05-23
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.
CVE-2016-7550PUBLISHED: 2019-05-23
asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).
CVE-2016-8897PUBLISHED: 2019-05-23
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.
CVE-2016-8899PUBLISHED: 2019-05-23
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This