'Hidden Tunnels' Help Hackers Launch Financial ...

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

50%

Joe Stanganelli,
User Rank: Ninja
6/26/2018 | 10:59:41 PM

Re: On Equifax

> results driven at the expense of ALL ELSE which means downtime is bad. And that means application of security patches can be delayed forever.

And that means problems at the highest levels just as much as it means problems at the lower levels. What do you want to bet the reporting structure was such that the CISO was reporting to the CIO despite the conflict of interest?

Reply | Post Message | Messages List | Start a Board

50%

Joe Stanganelli,
User Rank: Ninja
6/26/2018 | 10:58:05 PM

Re: On Equifax

@REISEN: Indeed. For the CEO to present that (let alone think that), it suggests that there was a fundamental failure in how the CISO position was handled. I tend to suspect that Equifax's CISO was treated as the typical lower-case-c-suiter that the role is too often treated as -- as opposed to someone who is actually at the strategy table.

Reply | Post Message | Messages List | Start a Board

50%

REISEN1955,
User Rank: Ninja
6/21/2018 | 3:56:19 PM

Re: On Equifax

It is an interesting place, certainly not a FUN work environment - look up reviews and it seems fairly political and results driven at the expense of ALL ELSE which means downtime is bad. And that means application of security patches can be delayed forever.

Reply | Post Message | Messages List | Start a Board

50%

gif-washco,
User Rank: Apprentice
6/21/2018 | 3:33:25 PM

Re: On Equifax

I agree. If the organization has good leadership and IT management processes, a single person would not have caused such a problem (or used as an excuse, in this case). The true issue with Equifax is leadership and management, not a single person who may have not patched a server. When the entire Equifax board of directors were re-elected after the massive security breach and no ramifications were incurred by this same BoD, the lack of responsbile leadership is telling...

Reply | Post Message | Messages List | Start a Board

100%

REISEN1955,
User Rank: Ninja
6/21/2018 | 7:59:10 AM

On Equifax

Telling story in more ways than one - excellent analysis of what went bad at Equifax and in telling contrast to the stupid comment by the ex-CEO that the entire breach - ALL OF IT - was due to one, repeat, ONE IT staffer who failed to apply an update. Incredible ignorance level at the C-Suite. And respect falls away rapidly thereafter for their understanding of IT in general ( OUTSOURCE, CUT EXPENSE ) and securityin particular.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

AI Is Everywhere, but Don't Ignore the Basics

Howie Xu, Vice President of AI and Machine Learning at Zscaler, 9/10/2019

Third-Party Features Leave Websites More Vulnerable to Attack

Dark Reading Staff 9/10/2019

Fed Kaspersky Ban Made Permanent by New Rules

Dark Reading Staff 9/11/2019

Live Events

Webinars

[Video] Shaping the Future of IT CIO Lightning Series - Interop19

[Video] An (Ir)rational Approach to Interoperability - Interop19

Enterprise Connect Conference & Expo 2020 - Registration Now Open!

More Informa Tech Live Events

White Papers

Hackers & Artificial Intelligence: A Dynamic Duo

2019 State of the Internet/Security: Financial Services Attack Economy

Testing Security Effectiveness

VPNs' Future: Less User Reliant, More Transparent, & Smarter

Data Science & AI in the Fast Lane

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: We've got a new caption contest! Enter and win a $$25 Amazon gift card.

Cartoon Archive

Current Issue

7 Threats & Disruptive Forces Changing the Face of Cybersecurity

This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of IT Operations and Cybersecurity Operations

Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.

Download Now!

How Enterprises Are Developing Secure Applications

0 comments

The State of Cyber Security Incident Response

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-14540
PUBLISHED: 2019-09-15

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

CVE-2019-16332
PUBLISHED: 2019-09-15

In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.

CVE-2019-16333
PUBLISHED: 2019-09-15

GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.

CVE-2019-16334
PUBLISHED: 2019-09-15

In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.

CVE-2019-16335
PUBLISHED: 2019-09-15

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

Terms of Service
Privacy Statement
Legal Entities