Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security

Authentication

Mobile

Privacy

Compliance

Identity & Access Management

Security Monitoring

Advanced Threats

Insider Threats

Vulnerability Management

Network Computing Dark Reading

Advertise

About Us

Author

Profile of Joseph R. Salazar

Technical Marketing Engineer

Member Since: 6/10/2019
Author
News & Commentary Posts: 1
Comments: 0

Joseph Salazar is a veteran information security professional, with both military and civilian experience. He began his career in information technology in 1995 and transitioned into information security in 1997. He is a retired Major from the US Army Reserves, with 22 years as a counterintelligence agent, military intelligence officer, and cybersecurity officer. In his civilian career, he's been a systems and security administrator, a computer security incident response analyst, a security operations manager, and a computer forensic investigator. He has worked for numerous financial services institutions, a defense contractor, a cloud services provider, and an e-commerce company. He maintains the CISSP, CEH, and EnCE certifications, and holds a BA in Legal Studies from UC Berkeley. He currently works at Attivo Networks as a technical marketing engineer.

Articles by Joseph R. Salazar

View Content By Month

The Rise of 'Purple Teaming'

6/13/2019
The next generation of penetration testing represents a more collaborative approach to old fashioned Red Team vs. Blue Team.
Post a Comment

Content by Month
June 2019 - 1
[close this box]

Hot Topics

Editors' Choice

Mobile Banking Malware Up 50% in First Half of 2019

Kelly Sheridan, Staff Editor, Dark Reading, 1/17/2020

Active Directory Needs an Update: Here's Why

Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus, 1/16/2020

New Attack Campaigns Suggest Emotet Threat Is Far From Over

Jai Vijayan, Contributing Writer, 1/16/2020

Live Events

Webinars

March 16-19, 2020: Data Center World Registration is open! Join Us

Data Center World: The leading conference & expo for Data Center and IT Infrastructure Professionals. Register Today!

Get Insights: Cisco vs Microsoft & More at EC20 Orlando

More Informa Tech Live Events

White Papers

NetFlow vs Packet Data

[Exclusive InformationWeek IT Trend Report] The Cloud Gets Ready for the 20's

Definitive Guide to Securing DevOps

Forrester's MITRE ATT&CK Evaluation Guide

Simplify Your App Security

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Oh, Bill? He's kind of old-school, but one of our best Cloud developers.

Cartoon Archive

Current Issue

The Year in Security: 2019

This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises are Attacking the Cybersecurity Problem

Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.

Download Now!

How Data Breaches affect the Enterprise

0 comments

Rethinking Enterprise Data Defense

0 comments

Assessing Cybersecurity Risk in Today's Enterprise

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-20391
PUBLISHED: 2020-01-22

An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.

CVE-2019-20392
PUBLISHED: 2020-01-22

An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.

CVE-2019-20393
PUBLISHED: 2020-01-22

A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.

CVE-2019-20394
PUBLISHED: 2020-01-22

A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.

CVE-2019-20395
PUBLISHED: 2020-01-22

A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]