Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
30% of Major CEOs Have Had Passwords Exposed
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
jualqncjellygamat39
jualqncjellygamat39,
User Rank: Apprentice
11/1/2017 | 10:33:46 PM
Re: Ill Advised

 

 

 

pusat penjual qnc jelly gamat

Very nice and interesting post. Beautifully structured and very close to facts. I found myself lucky to go through it. Hope to have more post in future like this ...

 

 

 

mulyawan
mulyawan,
User Rank: Apprentice
11/1/2017 | 4:32:07 AM
Re: Part of the game
what a surprise!
RyanSepe
RyanSepe,
User Rank: Ninja
10/31/2017 | 9:21:04 AM
Re: Misuse of company asset
""Misuse of company asset, they must be educated"


This is a great point. All users are susceptible to password exfiltration. User awareness is a pivotal piece of the puzzle to maintaining a secure environment. Employees are the #1 risk to company data.
RyanSepe
RyanSepe,
User Rank: Ninja
10/31/2017 | 9:18:42 AM
Re: Ill Advised
"See footnote for Equifax"

As much of a travesty as this was for Equifax. This provided more than enough justification for Vulnerability Management Programs to take greater priority. Sad that it had to come at the loss of hundreds of millions of NPI elements.

 
RyanSepe
RyanSepe,
User Rank: Ninja
10/31/2017 | 9:16:22 AM
Re: Ill Advised
I would hope that they don't prioritize their personal technology/data over their work technology/data because the detriments are much more catastrophic for the latter. Unfortunately you may be right...
Mr Phen375
Mr Phen375,
User Rank: Apprentice
10/28/2017 | 1:46:34 AM
Misuse of company asset
They must be educated. They cannot use company's asset (the corporate email) for private purposes. Should anything bad happens, they've got to be 100% responsible for it.
REISEN1955
REISEN1955,
User Rank: Ninja
10/27/2017 | 1:56:47 PM
Re: Ill Advised
Do not limit this to CEO territory either ---- you can include layers of management down the line up to and including standard users - staff in other words.  And by doing so, a whole new layer of endpoint infections come ot light.  Password complexity is another issue too --- hard to crack, easy to remember is the KEY to good password management and DO NOT use the same one for everything.    But WE know that and most people DO NOT. 
Dr.T
Dr.T,
User Rank: Ninja
10/27/2017 | 1:00:52 PM
Re: Ill Advised
"See footnote for Equifax"

I think Equifax knew what they were doing, they just did not want to spend enough money to go through the trouble of keeping systems up to date.
Dr.T
Dr.T,
User Rank: Ninja
10/27/2017 | 12:59:06 PM
Re: Ill Advised
"DON'T KNOW THE RISKS"

I agree, I also add, they also do not care. Until they experience a big attack then they are out of business, it would not matter anyway.
Dr.T
Dr.T,
User Rank: Ninja
10/27/2017 | 12:57:43 PM
Re: Ill Advised
"Email addresses are FRE"

This is true but I do not think, CEOs can manage more than one email.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Incorporating a Prevention Mindset into Threat Detection and Response
Threat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time. The report covers areas enterprises should focus on: What positive response looks like. Improving security hygiene. Combining preventive actions with red team efforts.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-29376
PUBLISHED: 2022-05-23
Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.
CVE-2022-30015
PUBLISHED: 2022-05-23
In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc .This causes stored xss.
CVE-2022-28999
PUBLISHED: 2022-05-23
Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe.
CVE-2022-29002
PUBLISHED: 2022-05-23
A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.
CVE-2022-31489
PUBLISHED: 2022-05-23
Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection.