Risk

3/30/2015
10:05 AM
Connect Directly
Twitter
Twitter
RSS
E-Mail
100%
0%

7 Bugs, Breaches, & Compromises To Rock 2015 (So Far)

The year's started off with a bang; will we hear risk management pros whimper?
Previous
1 of 8
Next

We've only gotten through a single financial quarter and already 2015 is on pace to be a doozy of a breach year. With a pair of the biggest healthcare breaches on record, along with some eye-opening compromises and continued examples of zero-day exploits and DDoS attacks, the year to date shows that CISOs and risk officers still have a lot of work to do in order to mitigate IT risks to their organizations. 

 

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
hho927
0%
100%
hho927,
User Rank: Guru
3/31/2015 | 7:18:34 PM
Re: Only the Beginning
It's more complex than that.

It's either: 1) Management is not competent. Some managers are like "what are you doing? You're not doing anything productive. We don't see any result. We are wasting money." 2) Then there are incompetent security experts who are faking security. They are not doing aything + keeps making things up and pointing fingers.

Security is trying to find out the holes, try to break, try to exploit the system. Most of the time is trying to break the system and then finding the solution. How do you know they are lying, playing or working without a total understanding of the computer security?
Jason.straight@unitedlex.com
50%
50%
[email protected],
User Rank: Apprentice
3/31/2015 | 12:52:55 PM
Re: Only the Beginning
So true!
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
3/30/2015 | 12:42:22 PM
Only the Beginning
These are only the beginning...We still have a majority of the year left and it seems many organizations are taking a reactive approach and rolling the dice.
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1108
PUBLISHED: 2018-05-21
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
CVE-2018-11330
PUBLISHED: 2018-05-21
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted.
CVE-2018-11331
PUBLISHED: 2018-05-21
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess.
CVE-2018-7687
PUBLISHED: 2018-05-21
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.
CVE-2018-8010
PUBLISHED: 2018-05-21
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerabilit...