Security CERT Global
- Citadel WebCit vulnerable to cross-site scripting on Instant Messaging facility
- Weekly Report: 複数のApple製品に脆弱性
- Weekly Report: Trend Micro Mobile Securityにクロスサイトスクリプティングの脆弱性
- Weekly Report: Panasonic製KW Watcherに複数の脆弱性
- Weekly Report: 複数のCisco製品に脆弱性
- Weekly Report: NISCが「サイバーセキュリティ関係法令Q&AハンドブックVer2.0」を公開
- Weekly Report: 複数のMozilla製品に脆弱性
- CISA Adds One Known Exploited Vulnerability to Catalog
- DebianOS Security Update
- GitLab Security Update
- Mediatek Security Update
- F5 Security Update
- WordPress Security Update
- SUSE Security Update
- Exim Security Update
- Gentoo Security Update
- HP Security Update
- IBM Security Update
- CERTFR-2023-AVI-0799 : Vulnérabilité dans les produits Microsoft (03 octobre 2023)
- CERTFR-2023-AVI-0798 : Multiples vulnérabilités dans les produits IBM (03 octobre 2023)
- ESB-2023.5650 - [Appliance] F5 BIG-IP and BIG-IQ Products: CVSS (Max): 2.2
- ASB-2023.0180 - Quishing attacks:
- ESB-2023.5652 - [Cisco] Cisco Routers:
- ESB-2023.5651 - [Appliance] F5 BIG-IP and BIG IQ Products: CVSS (Max): 4.4
- ESB-2023.5649 - [Linux] IBM Security QRadar SIEM: CVSS (Max): 7.1
- ESB-2023.5648 - [Win][Linux][AIX] IBM App Connect Enterprise: CVSS (Max): 7.1
- ESB-2023.5645 - [SUSE] bind: CVSS (Max): 7.5
- ESB-2023.5638 - [Debian] exim4: CVSS (Max): 8.1
- ESB-2023.5636 - [Appliance] F5 Products: CVSS (Max): 8.8*
- ESB-2023.5640 - [SUSE] Linux Kernel (Live Patch 2 for SLE 15 SP5): CVSS (Max): 7.8
- ESB-2023.5627 - [SUSE] iperf: CVSS (Max): 7.4
- ESB-2023.5639 - [Ubuntu] LibTomMath: CVSS (Max): 9.8
- ESB-2023.5629 - [SUSE] xen: CVSS (Max): 7.5
- ESB-2023.5634 - [Appliance] Traffix SDC: CVSS (Max): 5.5
- ESB-2023.5642 - [SUSE] Linux Kernel (Live Patch 3 for SLE 15 SP5): CVSS (Max): 7.8
- ESB-2023.5633 - [RedHat] OpenShift GitOps: CVSS (Max): 7.5
- ESB-2023.5632 - [Debian] firefox-esr: CVSS (Max): 9.8
- ESB-2023.5631 - [Debian] libvpx: CVSS (Max): 8.8*
- ESB-2023.5643 - [SUSE] Linux Kernel (Live Patch 1 for SLE 15 SP5): CVSS (Max): 7.8
- ESB-2023.5630 - [SUSE] MozillaFirefox: CVSS (Max): 7.5
- ESB-2023.5628 - [SUSE] Golang Prometheus: CVSS (Max): 7.5
- ESB-2023.5635 - [SUSE] Linux Kernel (Live Patch 13 for SLE 15 SP4): CVSS (Max): 7.8
- ESB-2023.5637 - [Debian] exim4: CVSS (Max): 9.8
- ESB-2023.5641 - Linux Kernel (Live Patch 35 for SLE 15 SP3): CVSS (Max): 7.8
- ESB-2023.5646 - [SUSE] python: CVSS (Max): 7.4
- ESB-2023.5644 - [SUSE] Linux Kernel (Live Patch 26 for SLE 15 SP3): CVSS (Max): 7.8
- ESB-2023.5622 - [SUSE] libqb: CVSS (Max): 5.9
- ESB-2023.5620 - [SUSE] xen: CVSS (Max): 7.5
- ESB-2023.5623 - [SUSE] Linux Kernel (Live Patch 38 for SLE 15 SP2): CVSS (Max): 7.8
- ESB-2023.5625 - [SUSE] xen: CVSS (Max): 7.5
Strategic Efficiency Consortium Security Intelligence Reading and References – SEC Report
Reading and References
Competitive Intelligence – CI For Beginners Part 1: Insight Work
“Intelligence is a set of internal activities to help understand and influence corporate strategy, deals, competitors, markets, and customers.”
It is much easier to answer what intelligence work DOES — it provides a 360-degree view of the past, present, and potential futures for a particular set of problems. The typical definition says something like “Competitive Intelligence is the art of turning ethically-collected data into actionable insights and strategies”. However, I think this definition is a bit too theoretical — it lacks practicality and application…..
Read More: https://security.strategicefficiency.org/competitive-intelligence-ci-for-beginners-part-1-insight-work/
Competitive Intelligence – CI For Beginners Part 2: Engaging the Process
How do we take this academic model of intelligence, and put it to work? …Each path you decide to take will come with its own learning curve and challenges, but ultimately, your outcome is 100% yours to create. That said, lots of people say “I do competitive intelligence!” and act like it exists in a silo. If we are brutally, completely honest, you will have absolutely zero understanding of the competitors if you don’t also understand your market and industries, your clients/customers and other sociological, economic, and political forces at play…
Read More: https://security.strategicefficiency.org/competitive-intelligence-ci-for-beginners-part-2-engaging-the-process/
Threat Intelligence, Information, and Data: What Is the Difference?
Key Takeaways
There’s a huge difference between threat data, information, and intelligence, and understanding the difference is essential to getting the most out of your threat intelligence platform.
As we progress from data to information to intelligence, the volume of outputs reduces while the value of those outputs increases.
Threat intelligence platforms produce data and information, which human analysts can use to produce actionable threat intelligence.
A computer can never produce threat intelligence, but humans are unsuited to the task of collecting and processing huge volumes of threat data.
Action must always be the end goal.
Threat intelligence is useless unless it can be used to improve cyber security.
Read More: https://security.strategicefficiency.org/threat-intelligence-information-and-data-what-is-the-difference/
SEC Security Data Services
This service is specifically designed to deliver well defined deliverables into critical intelligence demands of our client.
These critical intelligence demands are across Technology Information Data Positioning Planning and Execution.
Client Intelligence Technology Information Data
- client understanding of Intelligence Technology and Intelligence Information and Intelligence Data
- client leverage of technology to process information relating to aspects of their operational environments
- client use of information to contribute to their decision-making process; provide reasoned insight into future environments; increase information utility
Client Intelligence Positioning
- client capability in anticipation and prediction of future environments and better defining differences in available courses of action
- client depth of quantitative analysis and qualitative judgment and competing interpretation
- client continuous examination of their intelligence needs
- client definitions of goals, frameworks, quantifiable outputs and objectives
- client focus on actionable intelligence creation
Client Intelligence Planning Execution
- client types of intelligence – Warning; Current; General; Target; Scientific Technical; Counterintelligence; Estimative; Identity
- client levels of intelligence – Strategic; Operational; Tactical
- client principles of intelligence – Perspective; Synchronization; Integrity; Effort Singularity; Prioritization; Excellence; Prediction; Agility; Collaboration; Fusion
Read More: https://security.strategicefficiency.org/sec-security-data-services/
SEC Threat Intelligence as a Critical Organizational Need
The critical need for an evidence based, automated, holistic approach of the threat landscape.
These are challenging times for security managers, with corporate boards demanding awareness of cyber risks, faster processing of progressively complex data and efficient managed services for an increasing number of intelligent devices than ever before.
Ultimately security teams are in a better position of strength to defend their organizations against threats if they know what is coming in their direction; tools and staff are vital but should be augmented with intelligence.
Threat Intelligence is no longer for the large, well-funded organizations, but is required to be an overall component of mitigation strategies for all businesses that operate within this evolving technological environment; the economies of scale and adaptability of solutions now allows small businesses to be able to access credible threat intelligence sources that can be based on an organizations profile and supply chain.
Critical data that used to be in a secured datacenter now moves across an increasingly complex ecosystem of networked environments, including IIoT, IoT, cloud servers, virtualized environments and mobile devices.
The rate of change in some enterprise environments is so rapid that many organizations are struggling to keep pace with the evolving nature of cyber threats or being able to ascertain knowledge of what arises daily.
To build an effective cyber security strategy, awareness of specific cyber threats needs to occur as well as an analysis of how those threats affects the organization.
Threat Intelligence provides context, indicators, increased awareness and actionable responses about current or emerging threats that aid in decision making at an operational, tactical or strategic level.
Cyber adversaries are increasingly using sophisticated tools, techniques and procedures that are evading stand-alone security solutions with multiyear campaigns that target valuable and sensitive information.
Organizations need an evidence based, holistic view of the threat landscape with a proactive security posture to defend organizations from a wide array of threat – A Threat Intelligence led cyber security program.
Security Work Group
Strategic Efficiency Consortium
Tags: SEC Corporate,SEC Security Intelligence,Threat Intelligence,Threat Intelligence Data,Threat Intelligence Information,