The Increasingly Vulnerable Software Supply Chain
9/13/2018Nation-state adversaries from Iran to Russia have leveraged the supply chain as a vehicle to compromise infrastructure and disrupt businesses.
Post a Comment
Author
Profile of Thomas Etheridge
Vice President of Services, CrowdStrike News & Commentary Posts: 1As Vice President of Services, Thomas Etheridge oversees all service delivery associated with CrowdStrike's Falcon suite of cybersecurity products. Thomas brings over 20 years of management consulting experience and over 16 years of executive services leadership expertise in the security industry, building world-class teams to support SIEM, data security, compliance, breach mitigation, and more. Thomas joined CrowdStrike from Imperva, Inc., where he was Vice President of Global Professional Services and Training. Thomas spent more than seven years in KPMG's federal services practice in the 1990s managing the delivery of program/financial management, business process re-engineering, strategic planning, and technology implementation services before being recruited to high-growth security companies such as Netegrity, Aveksa, and ArcSight. During his tenure at those organizations, Thomas was instrumental in building global channel programs, operational controls, and in supporting the sales and delivery of impactful, adoption-driving solutions to some of the world's largest companies and government agencies.
Articles by Thomas Etheridge
Nation-state adversaries from Iran to Russia have leveraged the supply chain as a vehicle to compromise infrastructure and disrupt businesses.
Post a Comment
White Papers
Video
3 Comments
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-19296
PUBLISHED: 2018-11-16
PUBLISHED: 2018-11-15
PUBLISHED: 2018-11-15
PUBLISHED: 2018-11-15
PUBLISHED: 2018-11-15
From DHS/US-CERT's National Vulnerability Database CVE-2018-19296
PUBLISHED: 2018-11-16
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
CVE-2018-19301PUBLISHED: 2018-11-15
tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log.
CVE-2018-5407PUBLISHED: 2018-11-15
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-14934PUBLISHED: 2018-11-15
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone.
CVE-2018-14935PUBLISHED: 2018-11-15
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This