Lucene search

13 matches found

The Hacker News
added 2023/09/06 11:22 a.m., 39 views

Three CISOs Share How to Run an Effective SOC

The role of the CISO keeps taking center stage as a business enabler: CISOs need to navigate the complex landscape of digital threats while fostering innovation and ensuring business continuity. Three CISOs; Troy Wilkinson, CISO at IPG; Rob Geurtsen, former Deputy CISO at Nike; and Tammy Moskites...

6.6 AI score
Exploits: 0
Patchstack
added 2023/07/18 12:00 a.m., 6 views

WordPress KPIS CTA Buttons Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Software: KPIS CTA Buttons; Type: Plugin; Vulnerable versions: <= 2.0.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 2cbe82135686; Credits: Rafie Muhammad Patchstack Require...

6.2 AI score
Exploits: 0, References: 3, Affected Software: 1
Rapid7 Blog
added 2023/03/29 6:35 p.m., 12 views

Executive Webinar: Confronting Security Fears to Control Cyber Risk, Part Three

In the final installment of our webinar “Confronting Security Fears to Control Cyber Risk,” Jason Hart, Rapid7’s Chief Technology Officer, EMEA, discusses how adopting a cyber target operating model can eliminate cybersecurity silos and increase the effectiveness of your cybersecurity program. If...

6.5 AI score
Exploits: 0
Rapid7 Blog
added 2022/08/05 7:00 a.m., 19 views

Building Cybersecurity KPIs for Business Leaders and Stakeholders

In the final part of our “Hackers 're Gonna Hack” series, we’re discussing how to bring together parts one and two of operationalising cybersecurity together into an overall strategy for your organisation, measured by key performance indicators (KPIs). In part one, we spoke about the problem, which...

6.9 AI score
Exploits: 0
Microsoft Malware Protection
added 2021/03/29 4:00 p.m., 35 views

How to build a successful application security program

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Tanya Janca, Founder of We Hack Purple...

7 AI score
Exploits: 0
Imperva Blog
added 2020/11/12 12:50 p.m., 24 views

Advanced Bot Protection Handling More Traffic Than Ever

It’s been six months since we launched the Advanced Bot Protection solution as fully integrated into Imperva’s Application Security platform. Previously, the Advanced Bot Protection solution lived on a separate platform, known as the ‘Distil’ platform, from our acquisition of Distil Networks...

0.9 AI score
Exploits: 0
ThreatPost
added 2019/11/21 2:00 p.m., 84 views

Download: 2019 Security Team Assessment Template

As a security professional, it is critical that you assess the performance of your security team and keep in-the-know regarding your current security posture, in addition to planning ahead. ‘The Ultimate 2019 Security Team Assessment Template‘ is a first-of-its-kind tool that encapsulates all the...

0.1 AI score
Exploits: 0, References: 5
The Hacker News
added 2019/11/20 2:51 p.m., 51 views

The Ultimate 2019 Security Team Assessment Template

Assessing the performance of your security team is critical to both knowing your current posture, as well as planning ahead. 'The Ultimate 2019 Security Team Assessment Template' is the first attempt to capture all the main KPIs of the security team main pillars, saving CIOs and CISOs the time an...

7.4 AI score
Exploits: 0
Prion
added 2019/01/11 3:29 p.m., 11 views

Design/Logic Flaw

A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The...

4.3 CVSS, 4.4 AI score, 0.00605 EPSS
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2019/01/11 3:00 p.m., 6 views

CVE-2018-15466 Cisco Policy Suite Graphite Unauthenticated Read-Only Access Vulnerability

A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The...

5.3 CVSS, 7 AI score, 0.00605 EPSS
Exploits: 0, References: 2
CVE
added 2019/01/11 3:00 p.m., 42 views

CVE-2018-15466

CVE-2018-15466 describes unauthenticated access to the Graphite web interface of Cisco Policy Suite’s PCRF. The issue stems from a lack of authentication, enabling an unauthenticated, remote attacker with internal-VLAN access to directly connect to the Graphite interface and view statistics/KPIs ...

5.3 CVSS, 4.7 AI score, 0.00605 EPSS
Exploits: 0, References: 2, Affected Software: 1
Information Security Automation
added 2018/09/15 9:22 p.m., 59 views

Psychological Aspects of Vulnerability Remediation

In my opinion, Remediation is the most difficult part of the Vulnerability Management process. If you know the assets in your organization and can assess them, you will sooner or later produce a good enough flow of critical vulnerabilities. But what's the point, if the IT team will not fix them?...

0.3 AI score
Exploits: 0
Microsoft Malware Protection
added 2017/12/13 5:00 p.m., 14 views

How public-private partnerships can combat cyber adversaries

For several years now, policymakers and practitioners from governments, CERTs, and the security industry have been speaking about the importance of public-private partnerships as an essential part of combating cyber threats. It is impossible to attend a security conference without a keynote...

6.6 AI score
Exploits: 0