Security CERT Global

    • CERT-SE:s veckobrev v.16
      Lite gott och blandat nyhetssvep denna vecka ... lite giga-läckage av personuppgifter möts upp med en artikel på informationssakerhet.se med goda råd om känslig information i sociala medier. Läs om ... read more
    • CERTFR-2021-AVI-308 : Vulnérabilité dans F5 BIG-IP (23 avril 2021)
      Une vulnérabilité a été découverte dans F5 BIG-IP. Elle permet à un attaquant de provoquer un déni de service. ... read more
    • CERTFR-2021-AVI-310 : Multiples vulnérabilités dans IBM Db2 (23 avril 2021)
      De multiples vulnérabilités ont été découvertes dans IBM Db2. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance. ... read more
    • CERTFR-2021-AVI-311 : Multiples vulnérabilités dans Microsoft Edge (23 avril 2021)
      De multiples vulnérabilités ont été découvertes dans Microsoft Edge (basé sur Chromium). Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur. ... read more
    • CERTFR-2021-AVI-309 : Vulnérabilité dans Wireshark (23 avril 2021)
      Une vulnérabilité a été découverte dans Wireshark. Elle permet à un attaquant de provoquer un déni de service à distance. ... read more
    • CVE-2020-7851 (file_transfer_solution)
      Innorix Web-Based File Transfer Solution versuibs prior to and including 9.2.18.385 contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the ... read more
    • CVE-2021-2198
      Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with ... read more
    • CVE-2021-31607
      In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file ... read more
    • Le modèle Zero Trust
      Si le modèle Zero Trust s’inscrit dans la logique de « défense en profondeur » promue historiquement par l’ANSSI, il constitue une modification du paradigme de la stricte logique périmétrique ... read more
    • JVN: Horner Automation 製 Cscape に複数の脆弱性
      Horner Automation が提供する Cscape には、複数の脆弱性が存在します。続きを読む ... read more
    • ASB-2021.0099 – [Win] Microsoft Edge: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0099 Microsoft Security Update Release for Microsoft Edge (Chromium-based) 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft ... read more
    • ESB-2021.1389 – [Appliance] Mitsubishi Electric GOT series products: Unauthorised access – Remote/unauthenticated
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1389 Advisory (icsa-21-112-02) Mitsubishi Electric GOT 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Mitsubishi Electric ... read more
    • ESB-2021.1388 – [Win][Appliance] Horner Automation Cscape: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1388 Advisory (icsa-21-112-01) Horner Automation Cscape 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Horner Automation ... read more
    • CVE-2021-23380 (roar-pidusage)
      This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker ... read more
    • CVE-2021-23381 (killing)
      This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the ... read more
    • CVE-2020-28141 (online_discussion_forum)
      The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that ... read more
    • CVE-2021-23379 (portkiller)
      This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the ... read more
    • CVE-2021-31597
      The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request ... read more
    • CVE-2021-2197
      Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network ... read more
    • CVE-2021-2203
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
    • CVE-2021-2207
      Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged ... read more
    • CVE-2021-2223
      Vulnerability in the Oracle Receivables product of Oracle E-Business Suite (component: Receipts). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via ... read more
    • CVE-2021-2142
      Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). The supported version that is affected is ... read more
    • CVE-2020-17563
      Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to " ... read more
    • CVE-2021-2136
      Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, ... read more
    • CVE-2020-17564
      Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the ... read more
    • CVE-2021-2141
      Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are ... read more
    • CVE-2021-2008
      Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). The supported version ... read more
    • CVE-2021-2053
      Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). The supported version that is ... read more
    • CVE-2021-2135
      Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versions that are affected are ... read more
    • CVE-2021-2134
      Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). The supported version ... read more
    • CVE-2021-2140
      Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Rules Framework). Supported versions ... read more
    • ESB-2021.1382 – [Debian] wpa: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1382 wpa security update 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: wpa Publisher: Debian Operating ... read more
    • ESB-2021.1387 – [Linux][AIX] db2: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1387 IBM DB2 Affected by Java Vulnerability 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: db2 ... read more
    • ESB-2021.1386 – [SUSE] qemu: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1386 Security update for qemu 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: qemu Publisher: SUSE ... read more
    • ESB-2021.1385 – [Juniper] Junos OS: Denial of service – Remote/unauthenticated
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1385 JSA11125 - 2021-04 Security Bulletin: Junos OS: Memory leak when querying Aggregated Ethernet (AE) interface statistics (CVE-2021-0230) ... read more
    • ESB-2021.1384 – [UNIX/Linux][Ubuntu] shibboleth-sp: Execute arbitrary code/commands – Remote/unauthenticated
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1384 USN-4925-1: Shibboleth vulnerability 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: shibboleth-sp Publisher: Ubuntu Operating ... read more
    • ESB-2021.1383 – [Ubuntu] Dnsmasq: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1383 USN-4924-1: Dnsmasq vulnerabilities 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Dnsmasq Publisher: Ubuntu Operating ... read more
    • ESB-2021.1381 – [Debian] wordpress: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1381 wordpress security update 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: wordpress Publisher: Debian Operating ... read more
    • ESB-2021.1377 – [RedHat] Red Hat OpenShift Service Mesh: Denial of service – Remote/unauthenticated
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1377 Red Hat OpenShift Service Mesh 1.1.13 security update 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- ... read more
    • ESB-2021.1379 – [RedHat] Ansible: Access confidential data – Existing account
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1379 Ansible security update (2.9.20) 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Ansible Publisher: Red ... read more
    • ESB-2021.1380 – [Debian] thunderbird: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1380 thunderbird security update 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: thunderbird Publisher: Debian Operating ... read more
    • ESB-2021.1378 – [RedHat] OpenShift Serverless Products: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1378 Release of OpenShift Serverless 1.14.0 security update 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ... read more
    • ASB-2021.0098 – ALERT QNAP NAS: Execute arbitrary code/commands – Remote/unauthenticated
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0098 Qlocker/eCh0raix ransomware attacks targeting QNAP products 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: QNAP NAS Operating ... read more
    • CVE-2021-31548
      Gravedad: NonePublicado: 21/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or ... read more
    • CVE-2021-31545
      Gravedad: NonePublicado: 21/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The page_recent_contributors leaked the existence of certain deleted ... read more
    • CVE-2021-30476
      Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1. ... read more
    • CVE-2021-27400
      Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when ... read more
    • CVE-2021-29653
      Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. ... read more
    • CVE-2021-22540
      Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via ... read more
    Older posts

Finding The ROI Of Threat Intelligence: 5 Steps

Finding The ROI Of Threat Intelligence: 5 Steps
Advice from a former SOC manager on how to leverage threat intel without increasing the bottom line.

Step 1. Develop Key Performance Indicators (KPI)
Step 2. Continually evaluate and reassess threat intelligence providers
Step 3. Prioritize alerts to efficiently utilizing security analysts’ time
Step 4. Foster collaboration between ALL analyst teams
Step 5. Pilot threat intelligence providers before buying

Source:
https://www.darkreading.com/operations/finding-the-roi-of-threat-intelligence-5-steps-/a/d-id/1321419

Tags: Threat Intelligence,Threat Intelligence Data,Threat Intelligence Information,Threat Intelligence Platforms,