Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/28/2017 | 4:32:54 PM
Authorization
For insider threats; in addition to authentication one can apply authorization strategies so not everybody gets everything but only what they need. That may minimize the threat.
Exabeam_Orion
50%
50%
Exabeam_Orion,
User Rank: Apprentice
8/28/2017 | 12:37:38 PM
Re: Spoiler alert
@Joe -I love it.  Now if we can only come up with a proper security analogy for zombei ice dragons! ;)
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
8/28/2017 | 11:11:26 AM
Wonderful Story about Patton
During the 1930s he was taking a night walk around his command with an aide when they came upon a sentry.  (Call that the sentry the firewall).  While Patton watched in the dark, the aide came to the sentry and asked "Soldier, where you do expect trouble to come from?"   The sentry saluted, turned and pointed INSIDE the compound.  Astonished, the aide asked "Why?"  The sentry quickly responded " Sir, you asked where trouble would come from - that is different fron where the enemy would come from.  I know sir that if I failed to do my job, the commanding officer of the post (pointed inside) would come at me with a ton of trouble.  Sir"  Patton roared with laughter and said "Don't bother that man anymore, he knows how to do his job."
Joe Stanganelli
100%
0%
Joe Stanganelli,
User Rank: Ninja
8/25/2017 | 7:28:11 PM
Spoiler alert
@Orion: Great minds think alike: This analogy is exactly what has been on my mind this season with Arya and her storylines, and I've remarked on the same when watching the show.

(It's been even more on my mind of late with recent events and possible theories as to what last episode's events might possibly be building up to.)
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-40690
PUBLISHED: 2021-09-19
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the &quot;secureValidation&quot; property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract...
CVE-2021-41073
PUBLISHED: 2021-09-19
loop_rw_iter in fs/io_uring.c in the Linux kernel through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/&lt;pid&gt;/maps for exploitation.
CVE-2021-23441
PUBLISHED: 2021-09-19
All versions of package com.jsoniter:jsoniter are vulnerable to Deserialization of Untrusted Data via malicious JSON strings. This may lead to a Denial of Service, and in certain cases, code execution.
CVE-2021-41393
PUBLISHED: 2021-09-18
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVE-2021-41394
PUBLISHED: 2021-09-18
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.