Dark Reading is part of the Informa Tech Division of Informa PLC


Comments
Do You Need A Security Operations Center?
macker490,
User Rank: Ninja
1/29/2012 | 12:11:24 PM
re: Do You Need A Security Operations Center?
There should be two types of computers: Commercial and Experimental. The experimental computer you can update; the commercial one's updates are controlled by policy; the software is audited; and the computer has a Commercial Certification on its x.509 certificate. Customers should know the difference in these two types of computers and be allowed to make their own choice.
macker490,
User Rank: Ninja
1/29/2012 | 12:08:13 PM
re: Do You Need A Security Operations Center?
Everyone needs a Security Policy: How am I going to secure my computers and demonstrate the effectiveness of my policy in a convincing manner? You MUST control software updates, and to demonstrate that your policy is effective you must perform a software inventory audit. Get after your OEM for this critical missing tool.
macker490,
User Rank: Ninja
1/29/2012 | 12:04:58 PM
re: Do You Need A Security Operations Center?
C'Mon DR --get DISQUS!!

