Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Protecting The Network From Bring-Your-Own Vulnerabilities
Newest First  |  Oldest First  |  Threaded View
hudson.josh
50%
50%
hudson.josh,
User Rank: Apprentice
10/10/2013 | 3:18:41 AM
re: Protecting The Network From Bring-Your-Own Vulnerabilities
BYOD is a big security problem, but many companies are willing to deal with it because of the potential productivity gains. BYOD devices login on to a network is simply going to be the reality of enterprise IT, but the most important thing is to secure the data and not just on the network but with the various ways device now communicate. Our hospital put a BYOD policy in place to use Tigertext (www.tigertext.com) for HIPAA complient text messaging, mostly to deal with the reality that the doctors were sending patient data over regular SMS which is not HIPAA compliant. The reality was that the doctors were doing this because it was more efficient for them. Now we have the doctor using HIPAA compliant tigertext and the patient processing productivity doubled in the last quarter - a significent business advantage. Yes, BYOD is a big security issue, and yes their are real productivity gain to be had, but IT is going to have to be creative to get them and maintain security.
Snyper82
50%
50%
Snyper82,
User Rank: Apprentice
9/26/2013 | 3:21:15 PM
re: Protecting The Network From Bring-Your-Own Vulnerabilities
Excellent points, can I get some more "how to suggestions" though?
For example, you quoted that business should care about the data and not the device. This is done in part by encrypting the data, but if the device is compromised, then encryption doesn't do a whole lot - assuming unlocking the device unlocks the encryption.
Am I off base?


Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32823
PUBLISHED: 2021-06-24
In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with &lt...
CVE-2021-35041
PUBLISHED: 2021-06-24
The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainabl...
CVE-2021-2322
PUBLISHED: 2021-06-23
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 ...
CVE-2021-20019
PUBLISHED: 2021-06-23
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.
CVE-2021-21809
PUBLISHED: 2021-06-23
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.