Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Content by Jeff.schilling

Jeff.schilling
Member Since: December 1, 2014
Author
Blog Posts: 16
Posts: 18

Most Recently Posted

All (34)           Blogs (16)           Comments (18)          
All
DevOpsSec: A Big Step in Cloud Application Security
Commentary  |  10/3/2017  | 
Why it's time for DevOps and security teams to bury the hatchet -- and not in each other's back.
Recovering from Bad Decisions in the Cloud
Commentary  |  6/26/2017  | 
The cloud makes it much easier to make changes to security controls than in traditional networks.
Cutting through the Noise: Is It AI or Pattern Matching?
Commentary  |  4/20/2017  | 
Many vendors are fudging terms when trying to sell their artificial intelligence security systems. Here's what you need to know when you buy.
Best Practices for Lowering Ransomware Risk
Commentary  |  3/1/2017  | 
The first step is to avoid falling prey in the first place. That means teaching your entire organization - from IT staff to executive management - how not to be a victim.
Managing Multi-Cloud Security Whether You Want to or Not
Commentary  |  11/3/2016  | 
Yes, it is possible to orchestrate security across multiple clouds without creating performance hurdles. Heres how.
Comment: Re: Pah. - Jeff.schilling - 9/29/2016
Hacking The Polls: Where US Voting Processes Fall Short
Commentary  |  9/28/2016  | 
The patchwork of 50 decentralized state electoral systems threatens to disrupt our national election through ransomware attacks, hijacked voter registration rolls, and altered voting results.
Internal Pen-Testing: Not Just For Compliance Audits Anymore
Commentary  |  4/20/2016  | 
How turning your internal penetration team into a 'Friendly Network Force' can identify and shut down the cracks in your security program.
Measuring Security: My Dwell Time Obsession
Commentary  |  2/29/2016  | 
How I discovered the critical metric to fuel my drive to create the most secure environment possible.
Data Insecurity: Flawed Technology Or Outdated Business Process?
Commentary  |  1/6/2016  | 
When it comes to protecting critical data, legacy processes are just as vulnerable as legacy software.
To Find The Needle, Chop Down the Haystack: 5 Steps For Effective Threat Monitoring
Commentary  |  10/22/2015  | 
Would bank security screen everyone entering the building then leave the vault door open with no one watching the money? Of course not!
Data Protection: The 98 Percent Versus The 2 Percent
Commentary  |  8/11/2015  | 
Four steps for defending your most sensitive corporate information from the inside out.
In The Cyber Realm, Lets Be Knights Not Blacksmiths
Commentary  |  7/2/2015  | 
Why the Internet of Things is our chance to finally get information security right.
Educating The Cyberwarriors Of The Future
Commentary  |  3/24/2015  | 
If I have to choose between hiring a university-educated CompSci grad or an IT specialist strong in sysadmin, networking or programming, I will pick the IT specialist every time.
A Winning Strategy: Must Patch, Should Patch, Can't Patch
Commentary  |  2/11/2015  | 
The best way to have a significant impact on your company's security posture is to develop an organized effort for patching vulnerabilities.
Comment: Re: REGIN - Jeff.schilling - 1/8/2015
Comment: Re: REGIN - Jeff.schilling - 1/7/2015
Deconstructing The Sony Hack: What I Know From Inside The Military
Commentary  |  1/6/2015  | 
Don't get caught up in the guessing game on attribution. The critical task is to understand the threat data and threat actor tactics to ensure you are not vulnerable to the same attack.
5 Pitfalls to Avoid When Running Your SOC
Commentary  |  12/18/2014  | 
The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense not defense against attackers.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26890
PUBLISHED: 2020-11-24
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the r...
CVE-2020-28348
PUBLISHED: 2020-11-24
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
CVE-2020-15928
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
CVE-2020-15929
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
CVE-2020-28991
PUBLISHED: 2020-11-24
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.