Security CERT Global
- Vulnerability Summary for the Week of April 12, 2021Original release date: April 19, 2021 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info dreamreport -- dream_report A privilege escalation vulnerability exists in Dream ... read more
- CVE-2021-20991In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability. ... read more
- CVE-2021-20990In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed ... read more
- CVE-2021-21981VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest ... read more
- CVE-2021-20989Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection ... read more
- CVE-2021-20992In Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface over unencrypted HTTP protocol. Communication between the user and the device can be ... read more
- CVE-2021-28437 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)Windows Installer Information Disclosure Vulnerability ... read more
- CVE-2021-23372 (mongo-express)All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash. ... read more
- CVE-2021-29440 (grav)Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the ... read more
- CVE-2021-29439 (grav_admin)The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By ... read more
- CVE-2021-29438 (nextcloud/dialogs)The Nextcloud dialogs library (npm package @nextcloud/dialogs) before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a ... read more
- CVE-2021-29435 (trestle-auth)trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in ... read more
- CVE-2021-28436 (windows_10, windows_server_2016, windows_server_2019)Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28347, CVE-2021-28351. ... read more
- When Your Softwares Check Engine Light Is On: Identifying Design Problems that Impact Software FailureThis blog post summarizes an effective roadmap for detecting design problems that can be used to improve software development and performance. ... read more
- CVE-2021-29399XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 ... read more
- CVE-2020-7851Innorix Web-Based File Transfer Solution versuibs prior to and including 9.2.18.385 contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the ... read more
- CVE-2021-21070Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file ... read more
- CVE-2021-29425 (commons_io)In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..foo", the result would be the same value, thus possibly providing ... read more
- CVE-2021-29262 (solr)When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not ... read more
- CERTFR-2021-AVI-284 : Multiples vulnérabilités dans le noyau Linux de SUSE (19 avril 2021)De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une ... read more
- CERTFR-2021-AVI-283 : Vulnérabilité dans Juniper Junos OS (19 avril 2021)Une vulnérabilité a été découverte dans Juniper Junos OS. Elle permet à un attaquant de provoquer un déni de service à distance. ... read more
- CERTFR-2021-AVI-282 : Multiples vulnérabilités dans les produits Qnap (19 avril 2021)De multiples vulnérabilités ont été découvertes dans les produits Qnap. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance. ... read more
- CERTFR-2021-AVI-281 : Vulnérabilité dans OpenSSH (19 avril 2021)Une vulnérabilité a été découverte dans OpenSSH. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité. ... read more
- CERTFR-2021-AVI-280 : Multiples vulnérabilités dans Mitel MiCollab (19 avril 2021)De multiples vulnérabilités ont été découvertes dans Mitel MiCollab. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une injection de code indirecte à ... read more
- CERTFR-2021-ACT-015 : Bulletin d’actualité CERTFR-2021-ACT-015 (19 avril 2021)Ce bulletin d’actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas ... read more
- CERTFR-2021-AVI-285 : Vulnérabilité dans VMware NSX-T (19 avril 2021)Une vulnérabilité a été découverte dans VMware NSX-T. Elle permet à un attaquant de provoquer une élévation de privilèges. ... read more
- WordPress udsender sikkerhedsopdateringDet populære redaktionssystem for hjemmesider, Wordpress, er opdateret til en ny version. Det sker med udsendelsen af version 5.7.1, hvorved alle versioner siden WordPress 4.7 er blevet opdateret. Der er tale ... read more
- Get ready for CiSP 2.0The NCSC's online portal for threat intelligence sharing is being upgraded. ... read more
- Det kriminalpræventive råd: IT-kriminelle har for let spilEn ny rapport fra Det Kriminalpræventive Råd og Forbrugerrådet TÆNK konkluderer, at it-kriminelle har for let spil til deres forehavende. Danskernes høje tillid til hinanden udnyttes af it-kriminelle til at ... read more
- JVN: トレンドマイクロ株式会社製パスワードマネージャーにおける DLL 読み込みに関する脆弱性トレンドマイクロ株式会社製パスワードマネージャーには、DLL 読み込みに関する脆弱性が存在します。続きを読む ... read more
- Trend Micro Password Manager may insecurely load Dynamic Link LibrariesPassword Manager provided by Trend Micro Incorporated may insecurely load Dynamic Link Libraries. ... read more
- CVE-2021-24226 (accessally)In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing ... read more
- CVE-2021-24024 (fortiadc, fortiadc_manager)A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker ... read more
- ESB-2021.1311 – [RedHat] IBM Resilient SOAR: Execute arbitrary code/commands – Existing account-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1311 Security Bulletin: IBM Resilient SOAR is vulnerable to command injection (CVE-2021-20527) 19 April 2021 =========================================================================== AusCERT Security ... read more
- ESB-2021.1309 – [Debian] python2.7: Multiple vulnerabilities-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1309 python2.7 security update 19 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: python2.7 Publisher: Debian Operating ... read more
- ESB-2021.1308 – [Debian] python-bleach: Cross-site scripting – Remote with user interaction-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1308 python-bleach security update 19 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: python-bleach Publisher: Debian Operating ... read more
- ESB-2021.1303 – [Appliance] F5 Products: Denial of service – Remote/unauthenticated-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1303 iApps vulnerability CVE-2020-17507 19 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: BIG-IP (all modules) BIG-IQ ... read more
- ESB-2021.1305 – [SUSE] openldap2: Denial of service – Remote/unauthenticated-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1305 Security update for openldap2 19 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: openldap2 Publisher: SUSE ... read more
- ESB-2021.1310 – [Debian] libebml: Denial of Service – Existing Account-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1310 libebml security update 19 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libebml Publisher: Debian Operating ... read more
- ESB-2021.1304 – [Juniper] Junos OS: EX4300: Denial of service – Remote/unauthenticated-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1304 JSA11135 - 2021-04 Security Bulletin: Junos OS: EX4300: FPC crash upon receipt of specific frames on an ... read more
- CVE-2021-23378Gravedad: NonePublicado: 18/04/2021Last revised: 18/04/2021Descripción: *** Pendiente de traducción *** This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible ... read more
- CVE-2021-23375Gravedad: NonePublicado: 18/04/2021Last revised: 18/04/2021Descripción: *** Pendiente de traducción *** This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible ... read more
- CVE-2021-23381Gravedad: NonePublicado: 18/04/2021Last revised: 18/04/2021Descripción: *** Pendiente de traducción *** This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to ... read more
- CVE-2021-23379Gravedad: NonePublicado: 18/04/2021Last revised: 18/04/2021Descripción: *** Pendiente de traducción *** This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to ... read more
- CVE-2021-23376Gravedad: NonePublicado: 18/04/2021Last revised: 18/04/2021Descripción: *** Pendiente de traducción *** This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible ... read more
- CVE-2021-23374Gravedad: NonePublicado: 18/04/2021Last revised: 18/04/2021Descripción: *** Pendiente de traducción *** This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible ... read more
- CVE-2021-23380Gravedad: NonePublicado: 18/04/2021Last revised: 18/04/2021Descripción: *** Pendiente de traducción *** This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package ... read more
- CVE-2021-23377Gravedad: NonePublicado: 18/04/2021Last revised: 18/04/2021Descripción: *** Pendiente de traducción *** This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible ... read more
- CVE-2021-23381This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the ... read more
- CVE-2021-23379This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the ... read more
SEC Threat Intelligence as a Critical Organizational Need – SEC Report
The critical need for an evidence based, automated, holistic approach of the threat landscape.
These are challenging times for security managers, with corporate boards demanding awareness of cyber risks, faster processing of progressively complex data and efficient managed services for an increasing number of intelligent devices than ever before.
Ultimately security teams are in a better position of strength to defend their organizations against threats if they know what is coming in their direction; tools and staff are vital but should be augmented with intelligence. Threat Intelligence is no longer for the large, well-funded organizations, but is required to be an overall component of mitigation strategies for all businesses that operate within this evolving technological environment; the economies of scale and adaptability of solutions now allows small businesses to be able to access credible threat intelligence sources that can be based on an organizations profile and supply chain.
Critical data that used to be in a secured datacenter now moves across an increasingly complex ecosystem of networked environments, including IIoT, IoT, cloud servers, virtualized environments and mobile devices. The rate of change in some enterprise environments is so rapid that many organizations are struggling to keep pace with the evolving nature of cyber threats or being able to ascertain knowledge of what arises daily.
To build an effective cyber security strategy, awareness of specific cyber threats needs to occur as well as an analysis of how those threats affects the organization. Threat Intelligence provides context, indicators, increased awareness and actionable responses about current or emerging threats that aid in decision making at an operational, tactical or strategic level. Cyber adversaries are increasingly using sophisticated tools, techniques and procedures that are evading stand-alone security solutions with multiyear campaigns that target valuable and sensitive information. Organizations need an evidence based, holistic view of the threat landscape with a proactive security posture to defend organizations from a wide array of threat – A Threat Intelligence led cyber security program.
The goal behind Threat Intelligence Services are to provide organizations the ability to become aware, recognize and act upon indicators of attack and compromise scenarios in a timely manner that better protect against zero-day threats, advanced persistent threats and exploits. With security teams across the world being challenged to discover, analyze and interpret the vast number of daily events to discover attacks, there are efforts led through Security Consortiums that are automatically detecting, contextualizing, prioritizing, performing forensic analysis, automating compliance and responding to incidents that will move us beyond Security Information Management to Security Threat Intelligence.
Facility owners should define within their overall strategy what they expect to achieve from Threat Intelligence; including the types of alerts needed, vendor news, how intelligence is collected, reported and communicated to relevant stakeholders, analysis process and how threat intelligence would be used. Only adding new and “innovative” products to the environment that requires integration and implementation of additional policies that needs to be managed by an overburdened staff is not the response required; but rather a Threat Intelligence Platform that better prepares their defense of the organization. By combining Threat Intelligence capabilities to an organizations’ software, hardware and policy defense strategy; it enhances staff’s ability to search for advanced attacks, profile atypical malware and detect adversaries.
Typical internal threat intelligence teams are hardly common as they have been deployed and structured in a way that is costly, hands on and mis-aligned to the organizations security posture.
Leveraging your tools and data in an effective manner is key to achieve your desired security posture.
As we exist in a global environment where attacks are generated at a machine level, Customers must ensure that the identification, sharing, comprehension and application of threat intelligence is as automated as much as possible. An automated platform allows for ease of access to the intelligence and the ability to contextualize and prioritize attacks for immediate mitigation strategies. Effective intelligence assess intelligence from various sources and source types to create a better threat and risk image for an organization. The value to end customers is not the quantity of the various intelligence feeds, but the applicability of those feeds to their entire environment. The ability to customize dashboards and filters to continuously illustrate threats allows security teams to focus on threats that impacts the organization. The threat intelligence market offers different types of information feeds that are not necessarily aligned to any industry or large manufacturer installed base. Though intelligence platforms must be recognized as a critical component to cyber-security, organizations must define their high-level requirements, functional requirements and visibility requirements.
Through Continuous Threat Intelligence collection, analysis and optimization, organizations can increase their protective measures and strengthen their security tools.
Tags: Critical Data,CyberSecurity,SEC Corporate,SEC Intelligence,SEC Reports,Threat Intelligence,Threat Intelligence Data,Threat Intelligence Information,Threat Intelligence Platforms,