Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 Rohyt Belani
Twitter
LinkedIn
RSS
E-Mail

Profile of Rohyt Belani

Chief Threat Scientist
Member Since: 5/12/2014
Author
News & Commentary Posts: 1
Comments: 0

Gary Warner is one of PhishMe's elite cybercrime researchers, where his current research areas are malware analysis, social networks of cyber criminals, hate groups, and terrorists. Involved in cybersecurity since 1989, he began his career helping large organizations connect securely to the internet. He has worked as an IT director for a publicly-traded utility, and has served as a task force officer for the FBI Cybercrimes Task Force. With regards to critical infrastructure protection, he founded the Birmingham InfraGard chapter, and has served on the national boards of the FBI's InfraGard program and DHS's Energy ISAC.

Since 2007, Warner has been teaching and researching at the University of Alabama at Birmingham in an interdisciplinary program that applies computer science solutions to justice science problems. His research has been supported by the Department of Justice, the Department of Homeland Security, and many corporate partners. He has been awarded the Microsoft MVP Award in Enterprise Security five times, received the IC3.gov/NCFTA Partnership Award and has been recognized by former FBI Director Robert Mueller for Exceptional Service in the Public Interest. His early research in spam and phishing intelligence led to the creation of Malcovery Security, acquired by PhishMe in 2015.

Articles by Rohyt Belani
Tor Weaponized to Steal Bitcoin
Dark Reading Staff 10/18/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18281
PUBLISHED: 2019-10-23
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
CVE-2019-18344
PUBLISHED: 2019-10-23
Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter).
CVE-2019-16976
PUBLISHED: 2019-10-23
In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS.
CVE-2019-18219
PUBLISHED: 2019-10-23
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. The affected components (index.php, upgrade.php) allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter.
CVE-2019-18220
PUBLISHED: 2019-10-23
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemagi...