Comments
One in Three SOC Analysts Now Job-Hunting
Newest First  |  Oldest First  |  Threaded View
Araedon
100%
0%
Araedon,
User Rank: Apprentice
2/13/2018 | 1:15:40 PM
Cybersecurity is a constant battle.
Of course, SOC Analysis is a high burnout job. After 17 years in the cybersecurity field, directly and indirectly, the refusal to see security as a critical business process will burn out the most idealistic and enthusiastic practitioner. If the employee has to face dismissive administration on a daily basis, how do you think they'll react? I'm surprised that more insider threats don't come from the cybersecurity professionals after being treated like a leper for most of their careers. Our jobs aren't to make life harder for the users, but for the cybercriminals that take advantage of them. Somehow, through cultural pressure, the cybersecurity professional has become almost a derogatory term thanks to the lack of understanding from management perspectives. We have to lead up the chain of authority but we've become Sisyphus pushing the cybersecurity boulder up the hill for all eternity because it's not the easiest solution. We need support from our co-workers and especially our leadership to take security more seriously.


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-1732
PUBLISHED: 2018-08-17
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sen...
CVE-2018-15356
PUBLISHED: 2018-08-17
An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0.
CVE-2018-15357
PUBLISHED: 2018-08-17
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0.
CVE-2018-15358
PUBLISHED: 2018-08-17
An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
CVE-2018-15359
PUBLISHED: 2018-08-17
An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0.