Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Why You Need a Global View of IT Assets
Newest First  |  Oldest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/10/2019 | 3:56:41 PM
Great commentary, this was good.
I wish NASA would have taken this into consideration because the data they lost in the Raspberry PI (the PI was not discovered only after 10 months passed with no detection) is beyond me.

This is something they need to practice and put in place, inventorying their environment (consistently).

I think this article is definitely meant for them, very good.



I have not heard any firings of anyone, it is interesting what we hear from this incident.

T


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11559
PUBLISHED: 2019-09-17
A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component.
CVE-2019-15729
PUBLISHED: 2019-09-17
An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request.
CVE-2016-10983
PUBLISHED: 2019-09-17
The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data.
CVE-2016-10984
PUBLISHED: 2019-09-17
The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter.
CVE-2016-10985
PUBLISHED: 2019-09-17
The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter.