Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
2012 Will Be The Year Of The...
Newest First  |  Oldest First  |  Threaded View
JCharles
50%
50%
JCharles,
User Rank: Apprentice
12/21/2012 | 4:08:42 PM
re: 2012 Will Be The Year Of The...
So what do you need, good Security devices, a Big Data SIEM like Secnology and a Security Expert to set the rules, make the calls and educate the users.
LAgurkis
50%
50%
LAgurkis,
User Rank: Apprentice
12/21/2012 | 3:16:29 PM
re: 2012 Will Be The Year Of The...
The message in this article should be repeated again and again. All too often the insider threat is overlooked, particularly that of those with ultimate privilege.- This happens despite regulatory guidance out there that demands privileged user access and action be managed, monitored and reported. A combo of technology (available today) and education is a must.
kjhiggins
50%
50%
kjhiggins,
User Rank: Strategist
12/20/2012 | 3:50:13 PM
re: 2012 Will Be The Year Of The...
Anyone have any war stories on database-hardening steps? What are some things to look out for?

Kelly Jackson Higgins, Senior Editor, Dark Reading
dr606
50%
50%
dr606,
User Rank: Apprentice
12/20/2012 | 7:15:45 AM
re: 2012 Will Be The Year Of The...
Informative article
dr600
50%
50%
dr600,
User Rank: Apprentice
12/20/2012 | 7:13:18 AM
re: 2012 Will Be The Year Of The...
Yes i agree !!
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
12/20/2012 | 7:09:07 AM
re: 2012 Will Be The Year Of The...
This is serious stuff!-
The only things that will change this horrendous
situation are if Congress finally passes a CyberSecurity Bill that has
measurable accountability controls and/or we suffer an attack that takes out
our power grid or another piece of critical infrastructure. I know there's a
lot of fear mongering out there which is unfortunate as it then becomes
difficult for people to separate the wheat from the chafe. I've been in the IT
Security space for enough time to understand how fragile our corporate and
government infrastructure is. Let's not remain in denial mode G everyone needs
to rally behind this initiative and make it happen. http://blog.securityinnovation...
DonGt you think?
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
12/20/2012 | 7:08:30 AM
re: 2012 Will Be The Year Of The...
Great article!-I personally enjoyed every GǣmythGǥ you
brought up and this article sure made my day! When it comes to Software
Vulnerability Management, my motto is: Be sure to classify and be careful with
your fix! When you conduct an application security assessment, whether itGs a
static analysis scan, dynamic analysis scan, penetration test, or code review,
you are going to be presented with a set of vulnerabilities to fix. Often
times, there are more vulnerabilities to be fixed than time to fix them, so how
do you determine which you should address? There are three approaches that I
use and that work well individually, and more effectively, collectively: DREAD,
Data Asset Classification, Criticality Definitions. To better understand what I
mean, hereGs a great article: http://blog.securityinnovation...
. Keep up the good work!
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
12/20/2012 | 7:07:45 AM
re: 2012 Will Be The Year Of The...
Very insightful article!-No one has to tell you that
with the increased usage of mobile and social applications, or social
applications on mobile devices reaching an all-time high, this opens up a can
of security concerns. And thereGs lots of buzz, from a security standpoint, on
different types of attack examples and how organizations are going to need to
implement a strategy -- soon. However, the most threatening of security risks
to the enterprise outside malicious or unknowing insiders are clearly malicious
third-party applications that often use sensitive user data. These applications
take control over mobile devices for personal data retrieval, UI impersonation,
unauthorized dialing and payments, or unauthorized network connectivity. HereGs
a great article I think you might find interesting: http://blog.securityinnovation....
Keep up the good work!-
SSERGIO123
50%
50%
SSERGIO123,
User Rank: Apprentice
12/20/2012 | 4:14:37 AM
re: 2012 Will Be The Year Of The...
We have all the technology we need. What-s lacking is infosec education.
joes12
50%
50%
joes12,
User Rank: Apprentice
1/30/2012 | 5:01:51 AM
re: 2012 Will Be The Year Of The...
Though 2012 be a cyberwar, but to fight with them new technologies can also be expected to come, in order to have even more secured .


News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31458
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...