Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-30333PUBLISHED: 2022-05-09RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
CVE-2022-23066PUBLISHED: 2022-05-09
In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of a sdiv instruction may decide whether to tra...
CVE-2022-28463PUBLISHED: 2022-05-08ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVE-2022-28470PUBLISHED: 2022-05-08marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
CVE-2022-1620PUBLISHED: 2022-05-08NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.
User Rank: Apprentice
7/19/2017 | 8:27:03 AM
CSO Magazine said this year that worldwide, there are 1 Million unfilled jobs. When you consider women in the network defender community, we find that they are almost non-existent. Forbes said last year that women make up only 11% of the cybersecurity workforce. If you add a minority to that checklist, say a black or Hispanic woman, that number drops to under 1%.
Clearly, if we are to close the gap, women and minorities have to be a source.
And we just can't tell our HR departments to hire more. Facebook, Google and others have all tried and failed.
Part of problem is that many women and minorities lose interest in STEM (Science, technology, engineering and math) subjects before they get to college. There are many reasons for this that have been well documented: male dominated culture turns women off, popular culture pushes women into "traditional" women's roles, minorities do not have access to strong STEM education, and others.
Another part of the problem stems from the cybersecurity old guard (Old white guys). We are the ones doing the hiring. We are the ones that tolerate sexism in the workplace when what we should be doing is stamping it out at every opportunity. We are the ones that are not mentoring the few minorities that do work for us and knocking down the obstacles that prevent them from succeeding.
This is the message that the network defender community should be hearing; especially from the old guard. Presenting that information at one of the most well-attended network defender conferences on the planet is a good place to do it.
Very respectfully,
Rick Howard
CSO
Palo Alto Networks
Full Disclosure: I am on Kelly's panel at Blackhat.