Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

8/14/2015
09:00 AM
Sara Peters
Sara Peters
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

View From The Top: Government’s Role In Cybersecurity

At the DarkReading News Desk, live from Black Hat, industry experts Dan Kaminsky, Richard Bejtlich, Katie Moussouris, Paul Kurtz, and Rod Beckstrom talked about how government is hurting and could be helping infosec.
Previous
1 of 6
Next

Last week we debuted the Dark Reading Video News Desk, streaming live from Black Hat, featuring over 30 interviews with speakers, trainers, and sponsors from the conference. Over the coming weeks, all the individual interviews will be posted here on Dark Reading. 

In the meantime, here is a peek at some opinions about the geo-political aspects of cybersecurity shared at the News Desk by five industry thought leaders -- Richard Bejtlich, chief security strategist for FireEye; Dan Kaminsky, chief scientist and founder of White Ops; Paul Kurtz, CEO of TruSTAR and former cybersecurity advisor to the White House; Katie Moussouris, chief policy officer for HackerOne; and Rod Beckstrom, founding director of the U.S. National Cybersecurity Center and former CEO of ICANN.

 

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio
 

Recommended Reading:

Previous
1 of 6
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
8/24/2015 | 4:52:29 PM
Katie Moussouris
I had the pleasure of seeing Katie Moussouris speak on a cybersecurity panel at an event in Boston in November.  She is definitely all about reducing restrictions (legal and otherwise) that disincentivize white-hat hackers -- and had a lot to say about how companies can improve their security posture by welcoming security researchers who discover exploits in their software with open arms (citing her former employer, Microsoft, as a great example of this in how the company handled hacking group Last Stage of Delirium's exploitation of the Blaster worm (the company hired them)).
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9667
PUBLISHED: 2021-04-16
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.
CVE-2020-9668
PUBLISHED: 2021-04-16
Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user.
CVE-2020-9681
PUBLISHED: 2021-04-16
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitation of this issue requires user interaction.
CVE-2021-26830
PUBLISHED: 2021-04-16
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.
CVE-2021-29443
PUBLISHED: 2021-04-16
jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be throw...