Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Q&A: DEF CON At 22
Newest First  |  Oldest First  |  Threaded View
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
8/20/2014 | 11:55:42 AM
Re: More Than Just Cost Benefit
Jeff has great insight and perspective on this topic with his role in the security community, his meeting Gen. Alexander at DEF CON in 2012, and his work on the Homeland Security Advisory Council. 
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
8/20/2014 | 11:48:49 AM
More Than Just Cost Benefit
I agree with Jeff Moss that I'd like to see the NSA have to justify to Congress why it needs unlimited budget to do unlimited information capture. Even more importantly, I'd like to see Congress push back hard on the need for unlimited information capture. I think it's posionous to a democracy to have that kind of unlimited surveillance.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3159
PUBLISHED: 2021-07-23
A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file.
CVE-2021-25203
PUBLISHED: 2021-07-23
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.
CVE-2021-25204
PUBLISHED: 2021-07-23
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedback_process.php.
CVE-2021-25206
PUBLISHED: 2021-07-23
Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php.
CVE-2021-25208
PUBLISHED: 2021-07-23
Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php.