Security CERT Global

    • CVE-2020-27272 (anydana-a_firmware, anydana-i_firmware, diabecare_rs_firmware)
      SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A: the communication protocol of the insulin pump and the AnyDana-i and AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows ... read more
    • CVE-2021-2029 (scripting)
      Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access ... read more
    • CVE-2020-27256 (anydana-a_firmware, anydana-i_firmware, diabecare_rs_firmware)
      In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin ... read more
    • CVE-2020-27276 (anydana-a_firmware, anydana-i_firmware, diabecare_rs_firmware)
      SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A: the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities ... read more
    • CVE-2020-27270 (anydana-a_firmware, anydana-i_firmware, diabecare_rs_firmware)
      SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A: the communication protocol of the insulin pump and the AnyDana-i and AnyDana-A mobile apps doesn't use adequate measures to protect encryption keys in transit, which allows unauthenticated physically ... read more
    • CVE-2021-21270
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server ... read more
    • CVE-2020-28487
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element ... read more
    • CVE-2020-12511
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web ... read more
    • CVE-2020-12513
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. ... read more
    • CVE-2021-21259
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker ... read more
    • CVE-2020-4766
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending ... read more
    • CVE-2020-12512
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting ... read more
    • CVE-2020-12514
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a ... read more
    • CVE-2020-12525
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data ... read more
    • CVE-2021-21260
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers ... read more
    • CVE-2020-4887 (aix, vios)
      IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM ... read more
    • CVE-2020-28707 (stockdio_historical_chart)
      The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() event is not validated. ... read more
    • CVE-2021-25178 (drawings_software_development_kit)
      An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. ... read more
    • CVE-2020-28480 (jointjs)
      The package jointjs before 3.3.0 is vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used to access the object's key and set the value is not properly sanitized, leading ... read more
    • CVE-2020-27733 (manageengine_applications_manager)
      Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. ... read more
    • CVE-2020-23342 (anchor_cms)
      A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users. ... read more
    • CVE-2020-28479 (jointjs)
      The package jointjs before 3.3.0 is vulnerable to Denial of Service (DoS) via the unsetByPath function. ... read more
    • CVE-2021-25177 (drawings_software_development_kit)
      An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause ... read more
    • CVE-2020-4983 (spectrum_lsf, spectrum_lsf_suite)
      IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM ... read more
    • CVE-2021-25176 (drawings_software_development_kit)
      An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause ... read more
    • CVE-2020-12511
      Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface. ... read more
    • CVE-2020-12525
      M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. ... read more
    • CVE-2020-12512
      Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting ... read more
    • CVE-2020-12513
      Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. ... read more
    • CVE-2020-12514
      Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd ... read more
    • CVE-2021-2058 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2055 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2088 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon ... read more
    • CVE-2021-2036 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2038 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker ... read more
    • CVE-2021-2048 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2072 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with ... read more
    • CVE-2021-2061 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with ... read more
    • CVE-2021-2030 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2042 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to ... read more
    • CVE-2021-2060 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Easily exploitable ... read more
    • CVE-2021-2122 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2032 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low ... read more
    • CVE-2021-2056 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with ... read more
    • CVE-2021-2031 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2087 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon ... read more
    • CVE-2021-2076 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2070 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2046 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with ... read more
    • CVE-2021-2081 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with ... read more

IT-OT collaboration needs context and increased visibility

IT-OT collaboration needs context and increased visibility – Information technology (IT) and operational technology (OT) are continuing the process of […]

Trends for Industry 4.0 in 2020 and Beyond

Trends for Industry 4.0 in 2020 and Beyond – Greater flexibility, virtual validation, industrial controllers, and edge computing are some […]

The IoT Really Does Work in the Factory

The IoT Really Does Work in the Factory – Industrial IoT pays off big in terms of reduced maintenance and […]

ICSaaS – ICS as a cloud service is coming: Will the benefits outweigh the risks?

ICSaaS – ICS as a cloud service is coming: Will the benefits outweigh the risks? – Is plugging critical infrastructure into […]

Managing risk in today’s IoT landscape: not a one-and-done

Managing risk in today’s IoT landscape: not a one-and-done – https://www.microsoft.com/security/blog/2020/04/28/managing-risk-todays-iot-landscape-not-one-and-done/ – cybersecurity, iiot, scada, cloudscada, icssecurity – holistic approach to minimizing risk […]

Introduce analytics best practices into industrial environments

Introduce analytics best practices into industrial environments – Put analytics in the hands of the process experts who understand the data […]

A Cloud Based Alternative to Traditional SCADA

A Cloud Based Alternative to Traditional SCADA – cybersecurity, iiot, scada, cloudscada, icssecurity – one of the benefits of leveraging the IIoT […]

SCADA: Alive and Well in the Age of IoT

SCADA: Alive and Well in the Age of IoT – Despite the onslaught of the Internet of Things within the […]

Artificial Intelligence Arrives at the Edge

Artificial Intelligence Arrives at the Edge – Significant technological advances continue to reshape the AI landscape, and in turn pushing […]

Secure design principles: Guides for the design of Cyber Secure systems: Security design principles and virtualisation

Secure design principles: Guides for the design of Cyber Secure systems: Security design principles and virtualisation – https://www.ncsc.gov.uk/collection/cyber-security-design-principles/examples/study-virtualisation – icssecurity, infosec, cybersecurity, criticalinfrastructure, IndustrialControlSystems, virtualisation

Secure design principles: Guides for the design of Cyber Secure systems: Design principles and Operational Technology

Secure design principles: Guides for the design of Cyber Secure systems: Design principles and Operational Technology – https://www.ncsc.gov.uk/collection/cyber-security-design-principles/examples/study-operational-tech – icssecurity, infosec, cybersecurity, criticalinfrastructure, IndustrialControlSystems, OT

Compliance as a Way to Reduce the Risk of Insider Threats

Compliance as a Way to Reduce the Risk of Insider Threats – Several key resources and controls can help reduce […]

SCADA vulnerabilities in ICS architectures

SCADA vulnerabilities in ICS architectures – infosec, cybersecurity, IIoT, ICSaaS, scada, cloudscada

Cybersecurity Capability Maturity Model (C2M2) Program

Cybersecurity Capability Maturity Model (C2M2) Program – https://www.energy.gov/ceser/activities/cybersecurity-critical-energy-infrastructure/energy-sector-cybersecurity-0 – icssecurity, infosec, cybersecurity, criticalinfrastructure, IndustrialControlSystems

Emerson Brings Cloud-Based SCADA Into Its Field

Emerson Brings Cloud-Based SCADA Into Its Field – https://www.automationworld.com/products/control/news/13319994/emerson-brings-cloudbased-scada-into-its-field – scada, cloudscada, IaaS, PaaS – acquisition of Zedi’s software and automation businesses – […]

Strategic Efficiency Consortium Security Intelligence Data Platform: Work Flow + Content Map – Jan 2019

SEC Industrial Security Intelligence Data Platform Work Flow SEC Industrial Security Intelligence Data Platform Content Map Updated Jan 2019 Document: […]

SEC Industrial Security Intelligence Data Platform 2019 Document

Strategic Efficiency Consortium Platform Work Flow Content Map Updated for 2019. SEC Industrial Security Intelligence Data Platform 2019 Document Document: […]

7 Habits of Highly Successful Competitive Intelligence Analysts

  1) Be Organized and Disciplined 2) Communicate with Confidence, Clarity, and Credibility 3) Find Meaningful Patterns in Meaningless Noise […]

Top 5 Competitive Intelligence Deliverables to Drive your Project Forward

Running a Competitive Intelligence monitoring project is similar to putting oil into your car. First, you need to identify what […]

7 Practical Steps to Get Started with Security Intelligence

…What Practical Steps Can I Take to Get Started with Security Intelligence?…   Source: https://securityintelligence.com/7-practical-steps-to-get-started-with-security-intelligence/

What Is Threat Intelligence? Definition and Examples

Key Takeaways Threat intelligence is the output of analysis based on identification, collection, and enrichment of relevant data and information. […]

Building a Threat Intelligence Framework to Defend Against Cyberattacks

Goals Before Data What systems, data, and other digital assets must be protected? How do you anticipate threat intelligence will […]

Threat Intelligence’s Big Data Problem

Threat Intelligence’s Big Data Problem Security teams are drowning in often useless threat intel data, but signs of maturity are […]

Finding The ROI Of Threat Intelligence: 5 Steps

Finding The ROI Of Threat Intelligence: 5 Steps Advice from a former SOC manager on how to leverage threat intel […]

6 Surprising Benefits of Threat Intelligence From the Web

6 Surprising Benefits of Threat Intelligence From the Web Key Takeaways The internet is the single greatest learning resource ever […]

Threat Intelligence, Information, and Data: What Is the Difference?

Threat Intelligence, Information, and Data: What Is the Difference? Key Takeaways There’s a huge difference between threat data, information, and […]

SEC Security Report October 2017

SEC Security Report October 2017 Editor Picks: News Intelligence Alerts Reports  

SEC Security Report September 2017

SEC Security Report September 2017: Editor Picks: News Intelligence Alerts Reports   WannaCry Post Mortem: Early Warning Indicators and Lessons Learned […]

MGS+ ICS Security Report August 2017

MG Strategy+ ICS Security Report August 2017: Editor Picks: News Intelligence Alerts Reports   Financial malware more than twice as prevalent […]

Center for Internet Security MS-ISAC Alert Level

Digital Attack Map Top Daily DDoS attacks worldwide

Arbor Networks Digital Attack Map Top Daily DDoS attacks worldwide

Cybermap Kaspersky

Kaspersky Cybermap

MGS+ ICS Security Report July 2017

MG Strategy+ ICS Security Report July 2017: Editor Picks: News Intelligence Alerts Reports   Power plant cyber threat: Lock up your […]

MGS+ ICS Security Report June 2017

MGS+ ICS Security Report June 2017: Editor Picks: News Intelligence Alerts Report   Why Future Emphasis Should be on Algorithms – […]

Threat Intelligence could turn the tide against cybercriminals

  Threat Intelligence could turn the tide against cybercriminals   Now that many security tools are generating alerts about possible […]

MGS+ ICS Security Report May 2017

MGS+ ICS Security Report May 2017: Editor Picks: News Intelligence Alerts Report   ABB buys B&R to help it challenge Siemens […]

MGS+ ICS Security Report April 2017

MGS+ ICS Security Report April 2017: Editor Picks: News Intelligence Alerts Report   2017 Security 100: 20 Coolest Endpoint Security Vendors […]

How Do Security Intelligence Solutions Differ from First-Gen SIEM Products

….let’s draw a clear picture of how modern Security Intelligence solutions evolved – and differ – from first-generation SIEM products…. […]

MGS+ ICS Security Report March 2017

MGS+ ICS Security Report March 2017: Editor Picks: News Intelligence Alerts Reports   World’s Biggest Data Breaches Selected losses greater than […]

What Is Security Intelligence and Why Does It Matter Today?

… “Security intelligence is the real-time collection, normalization, and analysis of the data generated by users, applications and infrastructure that […]

Six Things You Always Wanted to Know about Security Intelligence but Were Afraid to Ask

Clear answers to practical questions about Security Intelligence:   What is Security Intelligence and why does it matter today? How […]

How Quickly Can You Realize ROI on Your Security Intelligence Deployment?

Today’s Security Intelligence solutions learned from the mistakes of the past and are delivering value in days. Here’s how…   […]

The Definition of Security Intelligence

IBM Security Intelligence Product Expert offers strategy guidance to help IT security teams detect and respond to threats in today’s […]

What Are the Benefits of Security Intelligence?

…let’s get down to brass tacks and review the benefits organizations are gaining from their SI deployments. Here are several […]