Security CERT Global

    • Notice: announcement of maintenance of the “Incident Report Web Form” (2021/02/04)
    • CVE-2020-8570
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current ...
    • CVE-2021-21239
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic ...
    • CVE-2021-21238
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic ...
    • CVE-2020-26285
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which ...
    • CVE-2021-21253
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which ...
    • CVE-2020-26295
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to ...
    • CVE-2020-8554
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the ...
    • CVE-2020-8568
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability ...
    • CVE-2020-8567
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to ...
    • CVE-2020-8569
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot ...
    • ESB-2020.4102.2 – UPDATE [Cisco] Cisco Secure Web Appliance : Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2020.4102.2: Cisco Secure Web Appliance Privilege Escalation Vulnerability, 22 January 2021. AusCERT Security Bulletin Summary. Product: ...
    • ESB-2021.0261 – [Appliance] Mitsubishi Electric MELFA : Denial of service – Remote/unauthenticated
      AUSCERT External Security Bulletin Redistribution ESB-2021.0261: Advisory (icsa-21-021-04) Mitsubishi Electric MELFA, 22 January 2021. AusCERT Security Bulletin Summary. Product: Mitsubishi Electric ...
    • ESB-2021.0259 – [Win] Delta Electronics TPEditor: Execute arbitrary code/commands – Remote with user interaction
      AUSCERT External Security Bulletin Redistribution ESB-2021.0259: Advisory (icsa-21-021-02) Delta Electronics TPEditor, 22 January 2021. AusCERT Security Bulletin Summary. Product: Delta Electronics ...
    • ESB-2021.0257 – [Debian] drupal7: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.0257: Debian LTS Advisory DLA-2530-1, 22 January 2021. AusCERT Security Bulletin Summary. Product: drupal7. Publisher: Debian ...
    • ESB-2021.0260 – [Appliance] Honeywell OPC UA Tunneller: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.0260: Advisory (icsa-21-021-03) Honeywell OPC UA Tunneller, 22 January 2021. AusCERT Security Bulletin Summary. Product: Honeywell ...
    • ESB-2021.0258 – [Win] Delta Electronics ISPSoft: Execute arbitrary code/commands – Existing account
      AUSCERT External Security Bulletin Redistribution ESB-2021.0258: Advisory (icsa-21-021-01) Delta Electronics ISPSoft, 22 January 2021. AusCERT Security Bulletin Summary. Product: Delta Electronics ...
    • ESB-2021.0262 – [Win][Appliance] WAGO M&M Software fdtCONTAINER: Execute arbitrary code/commands – Existing account
      AUSCERT External Security Bulletin Redistribution ESB-2021.0262: Advisory (icsa-21-021-05) WAGO M&M Software fdtCONTAINER, 22 January 2021. AusCERT Security Bulletin Summary. Product: WAGO ...
    • CVE-2020-6776 (praesensa_firmware, praesideo_firmware)
      A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger ...
    • CVE-2021-21722 (zxv10_b860a_firmware)
      A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information ...
    • CVE-2020-6572 (chrome)
      Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. ...
    • CVE-2021-22166 (gitlab)
      An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method ...
    • CVE-2021-21009 (campaign_classic)
      Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request ...
    • CVE-2020-24639 (airwave_glass)
      There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete ...
    • CVE-2020-24638 (airwave_glass)
      Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as root ...
    • CVE-2021-0206 (junos)
      A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in ...
    • CVE-2021-0203 (junos)
      On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the ...
    • CVE-2021-0207 (junos)
      An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon receipt ...
    • CVE-2021-0202 (junos)
      On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB) interface is configured and it is mapped to a ...
    • CVE-2021-0208 (junos, junos_evolved)
      An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are ...
    • CVE-2020-8554
      Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, ...
    • CVE-2020-8569
      Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference ...
    • CVE-2020-8568
      Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file ...
    • CVE-2020-8567
      Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects ...
    • CVE-2020-8570
      Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which ...
    • CVE-2020-29495 (emc_avamar_server, emc_integrated_data_protection_appliance)
      DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution ...
    • CVE-2020-6777 (praesensa_firmware, praesideo_firmware)
      A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an authenticated remote attacker with admin ...
    • CVE-2020-29493 (emc_avamar_server, emc_integrated_data_protection_appliance)
      DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of ...
    • CVE-2020-29587 (simplcommerce)
      SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results ...
    • CVE-2021-0205 (junos)
      When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the ...
    • CVE-2021-0204 (junos)
      A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files ...
    • CVE-2020-35749 (simple_board_job)
      Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php. ...
    • CVE-2020-29494 (emc_avamar_server, emc_integrated_data_protection_appliance)
      Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the ...
    • WAGO M&M Software fdtCONTAINER
      This advisory contains mitigations for a Deserialization of Untrusted Data vulnerability in the M&M (a WAGO subsidiary) fdtCONTAINER application. ...
    • Delta Electronics TPEditor
      This advisory contains mitigations for Untrusted Pointer Dereference, and Out-of-bounds Write vulnerabilities in Delta Electronics TPEditor programming software for Delta text panels. ...
    • Delta Electronics ISPSoft
      This advisory contains mitigations for a Use After Free vulnerability in Delta Electronics ISPSoft PLC program development tool. ...
    • Honeywell OPC UA Tunneller
      This advisory contains mitigations for Heap-based Buffer Overflow, Out-of-bounds Read, Improper Check for Unusual or Exceptional Conditions, and Uncontrolled Resource Consumption vulnerabilities in Honeywell's OPC UA Tunneller software. ...
    • Mitsubishi Electric MELFA
      This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric's MELFA robot controllers. ...
    • CVE-2021-21238
      PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate ...
    • CVE-2021-21253
      OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat ...

SEC Security Data Services – SEC Report

This service is specifically designed to deliver well-defined deliverables that meet the critical intelligence demands of our clients.
These critical intelligence demands span Technology, Information, Data, Positioning, Planning and Execution.


Client Intelligence: Technology, Information and Data

  • client understanding of intelligence technology, intelligence information and intelligence data
  • client leverage of technology to process information relating to aspects of their operational environments
  • client use of information to contribute to their decision-making process, provide reasoned insight into future environments and increase information utility


Client Intelligence: Positioning

  • client capability in anticipating and predicting future environments and in better defining the differences between available courses of action
  • client depth of quantitative analysis, qualitative judgment and competing interpretation
  • client continuous examination of their intelligence needs
  • client definitions of goals, frameworks, quantifiable outputs and objectives
  • client focus on actionable intelligence creation


Client Intelligence: Planning and Execution

  • client types of intelligence – Warning; Current; General; Target; Scientific and Technical; Counterintelligence; Estimative; Identity
  • client levels of intelligence – Strategic; Operational; Tactical
  • client principles of intelligence – Perspective; Synchronization; Integrity; Effort Singularity; Prioritization; Excellence; Prediction; Agility; Collaboration; Fusion


Definitions and Term Details:

Intelligence: Technology, Information and Data

  • Technology enables access, in near real time, to very large amounts of information relating to aspects of the operational environment (OE).
  • Information is of greatest value when it contributes to the decision-making process by providing reasoned insight into future conditions or situations.
  • Raw data by itself has relatively limited utility. However, when data is collected and processed into an intelligible form, it becomes information and gains greater utility.


Intelligence

  • Ultimately, intelligence has critical features that distinguish it from information.
  • Intelligence allows anticipation or prediction of future situations and circumstances, and it informs decisions by illuminating the differences in available courses of action (COAs).
  • Intelligence is not an exact science; intelligence analysts will have some uncertainty as they assess the OE.
  • Intelligence, as the synthesis of quantitative analysis and qualitative judgment, is subject to competing interpretation.
  • Intelligence includes the organizations, capabilities, and processes involved in the collection, processing, exploitation, analysis, and dissemination of information or finished intelligence.
  • Intelligence, however, is not an end in itself. To increase the operational relevance of intelligence, intelligence planners and managers should anticipate consumer needs. Thus, whether intelligence is effective or influential depends not only on the intelligence organizations, processes, and products, but also on the users’ intelligence needs.
  • Intelligence products provide users with the information that has been collected and analyzed based on their requirements. Because the OE is dynamic, intelligence is a continuous activity.


Intelligence – Goals Before Data

  • What systems, data, and other digital assets must be protected?
  • How do you anticipate threat intelligence will help protect those assets?
  • With which specific tactics are you expecting intelligence to help?


Intelligence – Framework Tools

  • Collecting: ingesting threat data from the right sources.
  • Processing: turning the data into useful information.
  • Analyzing: turning the information into actionable intelligence.


Intelligence – Defined

  • Threat intelligence is the output of analysis based on identification, collection, and enrichment of relevant data and information.
  • Always keep quantifiable business objectives in mind, and avoid producing intelligence “just in case.”
  • Threat intelligence falls into two categories. Operational intelligence is produced by computers, whereas strategic intelligence is produced by human analysts.
  • The two types of threat intelligence are heavily interdependent, and both rely on a skilled and experienced human analyst to develop and maintain them.


Intelligence Planning

Intelligence Planning (IP) occurs continuously: intelligence collection and production plans are updated as previous requirements are satisfied and new requirements are identified.

A conceptual model of the intelligence process

Planning and Direction. Definition: in intelligence usage, the determination of intelligence requirements, the development of an appropriate intelligence architecture, the preparation of a collection plan, and the issuance of orders and requests to information collection agencies.

IP and direction is best understood as the development of intelligence plans and the continuous management of their execution.
Planning and direction activities include, but are not limited to:
  • the identification and prioritization of intelligence requirements;
  • the development of concepts of intelligence operations and architectures required to support the action or task;
  • tasking subordinate intelligence elements for the collection of information or the production of finished intelligence;
  • submitting requests for additional capabilities to higher review;
  • submitting requests for collection, exploitation, or all-source production support to external, supporting intelligence entities.


Intelligence Requirements and Information Requirements Planning
Categories of Intelligence Products:

  • Warning intelligence
  • Current intelligence
  • General intelligence
  • Target intelligence
  • Scientific and technical intelligence
  • Counterintelligence
  • Estimative intelligence
  • Identity intelligence


Intelligence Requirements and Information Requirements Planning
Levels of Intelligence:

Strategic – Senior Leaders; Managers
  • Assist in developing strategy and policy.
  • Monitor the international or global situation.
  • Assist in developing plans.
  • Assist in determining major systems and structure requirements.
  • Support the conduct of strategic operations.

Operational – Senior Leaders; Managers
  • Focus on the capabilities and intentions of threats, and on vulnerabilities.
  • Analyze the operational environment.
  • Identify adversary centers of gravity and critical vulnerabilities.
  • Monitor events in the areas of interest.

Tactical – Managers
  • Support the planning and conduct of joint campaigns or efforts.
  • Support planning and the execution of attacks, defense, engagements, and other joint force activities.
  • Provide information on imminent threats and changes in the operational environment.
  • Provide obstacle intelligence.


Intelligence Requirements and Information Requirements Planning
Principles of Joint Intelligence:

  • Perspective (Think like the adversary.)
  • Synchronization (Synchronize intelligence with plans and operations.)
  • Integrity (Remain intellectually honest.)
  • Unity of Effort (Cooperate to achieve a common end state.)
  • Prioritization (Prioritize requirements based on authoritative guidance.)
  • Excellence (Strive to achieve the highest standards of quality.)
  • Prediction (Accept the risk of predicting adversary intentions.)
  • Agility (Remain flexible and adapt to changing situations.)
  • Collaboration (Leverage expertise of diverse analytic resources.)
  • Fusion (Exploit all sources of information and intelligence.)


Intelligence Requirements and Information Requirements Planning
Attributes of Intelligence Excellence:

  • Anticipatory
  • Timely
  • Accurate
  • Usable
  • Complete
  • Relevant
  • Objective
  • Available


Intelligence Requirements and Information Requirements Planning
Principles for Interorganizational Intelligence Collaboration:

  • Establish strong relationship networks.
  • Build mutual trust and respect for colleagues.
  • Share a common vision.
  • Minimize territorial issues.
  • Establish continuous communication.
  • Eliminate impediments.


Intelligence: Relationship of Data, Information and Intelligence
U.S. Department of Defense’s “Joint Publication 2-0: Joint Intelligence”

Figure: Data, Information, Intelligence (the progression from data to information to intelligence)

“Tell me what you know…tell me what you don’t know…tell me what you think—always distinguish which is which.”
General Colin Powell, US Army
Guidance to Joint Staff J-2 on 13 November 1992
Chairman of the Joint Chiefs of Staff, 1989-1993


Threat Intelligence, Information, Data: Critical Differences

There is a difference between threat data, information, and intelligence, and understanding that difference is essential to getting the most out of your threat intelligence platform. The progression from data to information to intelligence reduces the volume of outputs while the value of those outputs simultaneously increases.

Threat intelligence platforms produce data and information, which human analysts must then use to produce actionable threat intelligence. A computer can never produce threat intelligence, but humans are unsuited to the task of collecting and processing huge volumes of threat data.

Action must always be the end goal. Threat intelligence is useless unless it can be used to improve action, in this case cyber security action.

Most organizations assume that if they buy a threat intelligence platform it will do everything for them. That isn’t the case: there are critical differences between threat data, information, and intelligence, and skilled analysts define the transition from one to the next.

The main differences between data, information, and intelligence come in two forms: volume and usability.

Data is typically available in huge volumes, and describes individual and unarguable facts. Details of individual connection requests are an excellent example of data, because they’re simple statements of fact and aren’t open to discussion.

Information is produced when a series of raw data points is combined to answer a simple question; although this is a far more useful output than the raw data, it still doesn’t directly inform a specific action.

Intelligence takes this process a stage further by interrogating data and information to tell a story (a forecast, for example) that can be used to inform decision making. Crucially, intelligence never answers a simple question; rather, it paints a picture that can be used to help people answer much more complicated questions. Intelligence may not directly answer a specific question, but it does aid in the decision-making process.

Threat Intelligence Platforms don’t actually produce Threat Intelligence: To produce a small but steady stream of actionable threat intelligence, massive quantities of data are required. Simple threat intelligence platforms are able to consume and organize threat data on a large scale, which makes the job of your analysts far easier, and their outputs more useful.

An important function of threat intelligence products is to organize threats according to their potential to damage an organization. This is where the very best providers differentiate themselves from the rest of the pack: They’re able to prioritize threats automatically, so human analysts can focus their efforts on the most important threat data or information first. Because of the big data issues described above, having a tool that can prioritize threats is essential. If your analysts are digging through every single threat manually, you’ll find that many urgent threats aren’t identified until after the fact. The process of combining and organizing threat data into threat information is fundamental to the prioritization process.

When it comes to threat intelligence, action is the only thing that really counts. There’s absolutely no value in possessing threat data, information, or intelligence unless you use it to improve your security program or defend against an incoming attack.
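The data-to-information-to-intelligence progression and the prioritization step described above, as an added example that is not part of the original page or of any product it mentions: constructed connection-request lines (the page's own example of raw data) are parsed into records, combined into per-source summaries that answer one simple question, and then ranked by potential to damage the organization against an assumed asset-criticality inventory, with a short narrative an analyst can act on. The log format, the asset inventory, the threshold and the scoring formula are all assumptions made for this example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample "data": individual connection requests (firewall-style lines).
# Addresses are documentation / private ranges (RFC 5737, RFC 1918), not real telemetry.
CONNECTION_LOG = """\
2021-01-21T10:00:01Z src=203.0.113.5 dst=10.0.0.10 dport=22 result=DENY
2021-01-21T10:00:02Z src=203.0.113.5 dst=10.0.0.10 dport=23 result=DENY
2021-01-21T10:00:03Z src=203.0.113.5 dst=10.0.0.10 dport=445 result=DENY
2021-01-21T10:00:04Z src=203.0.113.5 dst=10.0.0.11 dport=22 result=DENY
2021-01-21T10:00:05Z src=203.0.113.5 dst=10.0.0.12 dport=3389 result=DENY
2021-01-21T10:00:06Z src=198.51.100.7 dst=10.0.0.20 dport=443 result=ALLOW
2021-01-21T10:00:07Z src=198.51.100.7 dst=10.0.0.20 dport=443 result=ALLOW
2021-01-21T10:00:08Z src=198.51.100.9 dst=10.0.0.12 dport=3389 result=DENY
2021-01-21T10:00:09Z src=198.51.100.9 dst=10.0.0.12 dport=3389 result=DENY
2021-01-21T10:00:10Z src=198.51.100.9 dst=10.0.0.12 dport=3389 result=DENY
"""

# Constructed asset inventory (assumption): business criticality per host, 1 = low, 5 = crown jewels.
ASSET_CRITICALITY = {"10.0.0.10": 5, "10.0.0.11": 2, "10.0.0.12": 4, "10.0.0.20": 1}


def parse_connection_log(text):
    """Data stage: one record per line; each is a plain, unarguable fact about one request."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = {"ts": ts}
        for field in fields:
            key, value = field.split("=", 1)
            rec[key] = value
        records.append(rec)
    return records


def summarize_by_source(records):
    """Information stage: combine data points to answer a simple question
    ("what did each source attempt?"). Fewer outputs than raw lines, and more useful."""
    by_src = defaultdict(lambda: {"attempts": 0, "denied": 0, "hosts": set(), "ports": set()})
    for rec in records:
        summary = by_src[rec["src"]]
        summary["attempts"] += 1
        summary["denied"] += 1 if rec["result"] == "DENY" else 0
        summary["hosts"].add(rec["dst"])
        summary["ports"].add(rec["dport"])
    return dict(by_src)


@dataclass
class PrioritizedThreat:
    src: str
    score: int
    narrative: str


def prioritize(summaries, criticality, min_denied=2):
    """Intelligence stage: rank sources by their potential to damage this organization
    (denied attempts weighted by the criticality of the assets touched, plus breadth)
    and attach a narrative an analyst can act on. Quiet sources stay at the information level."""
    ranked = []
    for src, s in summaries.items():
        if s["denied"] < min_denied:
            continue
        exposure = max(criticality.get(host, 1) for host in s["hosts"])  # most critical asset touched
        breadth = len(s["hosts"]) * len(s["ports"])  # how widely the source probed
        score = s["denied"] * exposure + breadth  # assumed scoring formula for the example
        pattern = "scanning multiple services" if len(s["ports"]) > 1 else "repeatedly targeting one service"
        narrative = (f"{src} was denied {s['denied']} times across {len(s['hosts'])} host(s) and "
                     f"{len(s['ports'])} port(s); {pattern}; highest asset criticality touched: {exposure}")
        ranked.append(PrioritizedThreat(src, score, narrative))
    return sorted(ranked, key=lambda t: (-t.score, t.src))


def pipeline(text=CONNECTION_LOG, criticality=ASSET_CRITICALITY):
    """Run data -> information -> intelligence; return each stage's size and the ranked result."""
    data = parse_connection_log(text)
    info = summarize_by_source(data)
    intel = prioritize(info, criticality)
    return len(data), len(info), intel
```

On the constructed sample, `pipeline()` shows the volume shrinking at each stage (10 records, 3 summaries, 2 prioritized items) while the output becomes more actionable, which is the page's point about volume versus usability.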
