Author

 Mike Convertino
LinkedIn
RSS
E-Mail

Profile of Mike Convertino

CISO & VP, Information Security, F5 Networks
Member Since: 8/24/2016
Author
News & Commentary Posts: 9
Comments: 0

Mike Convertino has nearly 30 years of experience in providing enterprise-level information security, cloud-grade information systems solutions, and advanced cyber capability development. His professional experience spans security leadership and product development at a wide array of organizations including the U.S. government, Fortune 500 companies, and security start-ups. Prior to joining F5, Convertino was previously the Chief Information Security Officer at CrowdStrike, where he was responsible for the security of both CrowdStrike's corporate network and its product platform.

Convertino holds a Bachelor of Science degree in Electrical Engineering (BSEE) and Master's degrees in Management Information Systems from Webster University and in International Security Studies from the U.S. Air Force. He has been a featured industry and government speaker at DoD Cybercrime, GFIRST, RSA, Black Hat and DEFCON, and U.S. Attorney's Office conferences on topics in risk management, intrusion detection, and cyber policy.

Articles by Mike Convertino
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17208
PUBLISHED: 2018-09-19
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell me...
CVE-2018-17205
PUBLISHED: 2018-09-19
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not ex...
CVE-2018-17206
PUBLISHED: 2018-09-19
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
CVE-2018-17207
PUBLISHED: 2018-09-19
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
CVE-2017-2855
PUBLISHED: 2018-09-19
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HT...