Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Cartoon: The Insider Threat
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
saipraneeth
saipraneeth,
User Rank: Apprentice
4/17/2015 | 6:58:46 AM
Re: Social engineering the office party..
nice post
GonzSTL
GonzSTL,
User Rank: Ninja
12/16/2014 | 11:45:06 AM
Re: It's a small world
That was undoubtedly awkward for both of you. IT communities within a city are typically small and closely knit. I attend several tech conferences every year and I see the same people time and again, albeit sometimes with different companies. Unfortunately, non-IT executives rarely venture into those gatherings and it is difficult for them to network with IT professionals, so they sometimes have to rely on paper qualifications. I know some IT folks who look very good on paper, but somewhat lacking in actual experience. Things have a way of sorting themselves out though, especially in a highly technical field such as IT.
aws0513
aws0513,
User Rank: Ninja
12/16/2014 | 11:33:59 AM
Re: It's a small world
The situation was somewhat less than seredipitous.
From what I learned later, the guy omitted or "embellished" certain details about his work history.
Definitely an awkward situation for my friend.  He was desparate for a security professional leader for the executive team, but found out after the fact that he had possibly hired a lemon.

I told my friend that it was not uncommon for paths to cross in the security industry.  Good security professionals understand and commonly engage the power of human networking and knowledge sharing.
GonzSTL
GonzSTL,
User Rank: Ninja
12/16/2014 | 10:57:53 AM
Re: It's a small world
Reminds me of that long standing joke about government employees - if you do good work, you are considered invaluable in that position and simply stagnate; but if you screw up, you are removed from the position and then get promoted!
aws0513
aws0513,
User Rank: Ninja
12/15/2014 | 4:00:01 PM
It's a small world
Awhile back, I was attending a small scale IT security symposium.
The first part of the event was a short social time where everyone had bagels and coffee before the first presentation. 

It was shortly into that social time when I ran into a good friend who happened to be an executive for another company in the city where this conference was located.  He wanted to introduce me to his new CISO and sent his administrative assistant to fetch him from somewhere on the other side of the crowded room.

A few moments later, the assistant came back somewhat upset. She mentioned the CISO had to leave in a rush due to some kind of emergency.  My friend was visibly concerned and hoped that we could link up again in the future.  He then told me the name of this new CISO and if I had heard of him before.

When he told me the name of this new CISO, I first had to verify what the guy looked like and finalized that by mentioning the name of this new CISOs wife.  My friend was amazed I knew the guy and asked where we had crossed paths.

Then I proceeded to inform my friend how approximately a year prior I was involved in getting his new CISO released (fired) from a network manager position at another organization we both happened to work for.  The reasons for which I was not at liberty to disclose.

Awkward...
Soozy G. Miller
Soozy G. Miller,
User Rank: Apprentice
12/15/2014 | 1:18:01 PM
for a day
Maybe if it could be stolen for a day and I could be someone else for just that day, it would be cool. Like Madonna. Or Kate Middleton. Or Gwen Stefani. Would I get Gwen's voice along with her identity?
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
12/4/2014 | 12:20:46 AM
Re: Who's stealing from whom?
@ODA155: haha, you flatter me.

Okay, someone with more money, then.  :p
ODA155
ODA155,
User Rank: Ninja
12/3/2014 | 5:28:38 PM
Re: Who's stealing from whom?
@Joe Stanganelli,... Someone "cooler" than you... dude, how is that even possible?
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
12/3/2014 | 10:57:48 AM
Re: Who's stealing from whom?
LOL, Joe. If only it was that simple..
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
12/3/2014 | 1:12:56 AM
Who's stealing from whom?
Sometimes I worry about having my identity stolen.

Then I think that if that ever happened, I could seize the opportunity to take on the identity of someone cooler.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building the SOC of the Future
While an attacker just needs to find one vulnerability to get in to the network, the defender has to look everywhere. Defenders have to identify, disrupt, and stop attacks in the short period of time between when an attacker gets in and causes damage. One way is a security operations center to get that "all the time" coverage. What's Inside: --AI and cybersecurity response --Automation --Proctive threat hunting --Next-gen SIEM
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-3276
PUBLISHED: 2022-10-07
Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.
CVE-2022-41574
PUBLISHED: 2022-10-07
An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoi...
CVE-2022-31680
PUBLISHED: 2022-10-07
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.
CVE-2022-31681
PUBLISHED: 2022-10-07
VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.
CVE-2022-3275
PUBLISHED: 2022-10-07
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.