Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
2012 Will Be The Year Of The...
Newest First  |  Oldest First  |  Threaded View
JCharles
50%
50%
JCharles,
User Rank: Apprentice
12/21/2012 | 4:08:42 PM
re: 2012 Will Be The Year Of The...
So what do you need, good Security devices, a Big Data SIEM like Secnology and a Security Expert to set the rules, make the calls and educate the users.
LAgurkis
50%
50%
LAgurkis,
User Rank: Apprentice
12/21/2012 | 3:16:29 PM
re: 2012 Will Be The Year Of The...
The message in this article should be repeated again and again. All too often the insider threat is overlooked, particularly that of those with ultimate privilege.- This happens despite regulatory guidance out there that demands privileged user access and action be managed, monitored and reported. A combo of technology (available today) and education is a must.
kjhiggins
50%
50%
kjhiggins,
User Rank: Strategist
12/20/2012 | 3:50:13 PM
re: 2012 Will Be The Year Of The...
Anyone have any war stories on database-hardening steps? What are some things to look out for?

Kelly Jackson Higgins, Senior Editor, Dark Reading
dr606
50%
50%
dr606,
User Rank: Apprentice
12/20/2012 | 7:15:45 AM
re: 2012 Will Be The Year Of The...
Informative article
dr600
50%
50%
dr600,
User Rank: Apprentice
12/20/2012 | 7:13:18 AM
re: 2012 Will Be The Year Of The...
Yes i agree !!
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
12/20/2012 | 7:09:07 AM
re: 2012 Will Be The Year Of The...
This is serious stuff!-
The only things that will change this horrendous
situation are if Congress finally passes a CyberSecurity Bill that has
measurable accountability controls and/or we suffer an attack that takes out
our power grid or another piece of critical infrastructure. I know there's a
lot of fear mongering out there which is unfortunate as it then becomes
difficult for people to separate the wheat from the chafe. I've been in the IT
Security space for enough time to understand how fragile our corporate and
government infrastructure is. Let's not remain in denial mode G everyone needs
to rally behind this initiative and make it happen. http://blog.securityinnovation...
DonGt you think?
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
12/20/2012 | 7:08:30 AM
re: 2012 Will Be The Year Of The...
Great article!-I personally enjoyed every GǣmythGǥ you
brought up and this article sure made my day! When it comes to Software
Vulnerability Management, my motto is: Be sure to classify and be careful with
your fix! When you conduct an application security assessment, whether itGs a
static analysis scan, dynamic analysis scan, penetration test, or code review,
you are going to be presented with a set of vulnerabilities to fix. Often
times, there are more vulnerabilities to be fixed than time to fix them, so how
do you determine which you should address? There are three approaches that I
use and that work well individually, and more effectively, collectively: DREAD,
Data Asset Classification, Criticality Definitions. To better understand what I
mean, hereGs a great article: http://blog.securityinnovation...
. Keep up the good work!
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
12/20/2012 | 7:07:45 AM
re: 2012 Will Be The Year Of The...
Very insightful article!-No one has to tell you that
with the increased usage of mobile and social applications, or social
applications on mobile devices reaching an all-time high, this opens up a can
of security concerns. And thereGs lots of buzz, from a security standpoint, on
different types of attack examples and how organizations are going to need to
implement a strategy -- soon. However, the most threatening of security risks
to the enterprise outside malicious or unknowing insiders are clearly malicious
third-party applications that often use sensitive user data. These applications
take control over mobile devices for personal data retrieval, UI impersonation,
unauthorized dialing and payments, or unauthorized network connectivity. HereGs
a great article I think you might find interesting: http://blog.securityinnovation....
Keep up the good work!-
SSERGIO123
50%
50%
SSERGIO123,
User Rank: Apprentice
12/20/2012 | 4:14:37 AM
re: 2012 Will Be The Year Of The...
We have all the technology we need. What-s lacking is infosec education.
joes12
50%
50%
joes12,
User Rank: Apprentice
1/30/2012 | 5:01:51 AM
re: 2012 Will Be The Year Of The...
Though 2012 be a cyberwar, but to fight with them new technologies can also be expected to come, in order to have even more secured .


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Take me to your BISO 
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-23369
PUBLISHED: 2021-05-10
In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.
CVE-2020-23370
PUBLISHED: 2021-05-10
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.
CVE-2020-23371
PUBLISHED: 2021-05-10
Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.
CVE-2020-23373
PUBLISHED: 2021-05-10
Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2020-23374
PUBLISHED: 2021-05-10
Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.