Security CERT Global

    • CERTFR-2021-AVI-285: Vulnerability in VMware NSX-T (19 April 2021)
      A vulnerability has been discovered in VMware NSX-T. It allows an attacker to cause a privilege escalation. ... read more
    • CERTFR-2021-AVI-284: Multiple vulnerabilities in the SUSE Linux kernel (19 April 2021)
      Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security issue not specified by the vendor, a ... read more
    • CERTFR-2021-AVI-283: Vulnerability in Juniper Junos OS (19 April 2021)
      A vulnerability has been discovered in Juniper Junos OS. It allows an attacker to cause a remote denial of service. ... read more
    • CERTFR-2021-AVI-282: Multiple vulnerabilities in Qnap products (19 April 2021)
      Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause remote arbitrary code execution. ... read more
    • CERTFR-2021-AVI-281: Vulnerability in OpenSSH (19 April 2021)
      A vulnerability has been discovered in OpenSSH. It allows an attacker to cause a security policy bypass. ... read more
    • CERTFR-2021-AVI-280: Multiple vulnerabilities in Mitel MiCollab (19 April 2021)
      Multiple vulnerabilities have been discovered in Mitel MiCollab. They allow an attacker to cause a breach of data confidentiality and an indirect code injection ... read more
    • CERTFR-2021-ACT-015: News bulletin CERTFR-2021-ACT-015 (19 April 2021)
      This CERT-FR news bulletin looks back at the significant vulnerabilities of the past week to highlight their criticality. It does not replace ... read more
    • WordPress releases security update
      The popular content management system for websites, WordPress, has been updated to a new version. This comes with the release of version 5.7.1, by which all versions since WordPress 4.7 have been updated. This concerns ... read more
    • Get ready for CiSP 2.0
      The NCSC's online portal for threat intelligence sharing is being upgraded. ... read more
    • Det Kriminalpræventive Råd: Cybercriminals have it too easy
      A new report from Det Kriminalpræventive Råd (the Danish Crime Prevention Council) and Forbrugerrådet TÆNK concludes that cybercriminals have it too easy in carrying out their schemes. Danes' high level of trust in one another is exploited by cybercriminals to ... read more
    • JVN: DLL loading vulnerability in Password Manager provided by Trend Micro Incorporated
      Password Manager provided by Trend Micro Incorporated contains a vulnerability related to DLL loading. ... read more
    • Trend Micro Password Manager may insecurely load Dynamic Link Libraries
      Password Manager provided by Trend Micro Incorporated may insecurely load Dynamic Link Libraries. ... read more
    • CVE-2021-24226 (accessally)
      In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing ... read more
    • CVE-2021-24024 (fortiadc, fortiadc_manager)
      A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker ... read more
    • ESB-2021.1311 – [RedHat] IBM Resilient SOAR: Execute arbitrary code/commands – Existing account
      AUSCERT External Security Bulletin Redistribution. ESB-2021.1311: Security Bulletin: IBM Resilient SOAR is vulnerable to command injection (CVE-2021-20527). 19 April 2021. AusCERT Security ... read more
    • ESB-2021.1304 – [Juniper] Junos OS: EX4300: Denial of service – Remote/unauthenticated
      AUSCERT External Security Bulletin Redistribution. ESB-2021.1304: JSA11135 - 2021-04 Security Bulletin: Junos OS: EX4300: FPC crash upon receipt of specific frames on an ... read more
    • ESB-2021.1309 – [Debian] python2.7: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution. ESB-2021.1309: python2.7 security update. 19 April 2021. AusCERT Security Bulletin Summary. Product: python2.7. Publisher: Debian. Operating ... read more
    • ESB-2021.1308 – [Debian] python-bleach: Cross-site scripting – Remote with user interaction
      AUSCERT External Security Bulletin Redistribution. ESB-2021.1308: python-bleach security update. 19 April 2021. AusCERT Security Bulletin Summary. Product: python-bleach. Publisher: Debian. Operating ... read more
    • ESB-2021.1303 – [Appliance] F5 Products: Denial of service – Remote/unauthenticated
      AUSCERT External Security Bulletin Redistribution. ESB-2021.1303: iApps vulnerability CVE-2020-17507. 19 April 2021. AusCERT Security Bulletin Summary. Product: BIG-IP (all modules) BIG-IQ ... read more
    • ESB-2021.1305 – [SUSE] openldap2: Denial of service – Remote/unauthenticated
      AUSCERT External Security Bulletin Redistribution. ESB-2021.1305: Security update for openldap2. 19 April 2021. AusCERT Security Bulletin Summary. Product: openldap2. Publisher: SUSE ... read more
    • ESB-2021.1310 – [Debian] libebml: Denial of Service – Existing Account
      AUSCERT External Security Bulletin Redistribution. ESB-2021.1310: libebml security update. 19 April 2021. AusCERT Security Bulletin Summary. Product: libebml. Publisher: Debian. Operating ... read more
    • CVE-2021-23378
      Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: *** Pending translation *** This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible ... read more
    • CVE-2021-23375
      Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: *** Pending translation *** This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible ... read more
    • CVE-2021-23381
      Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: *** Pending translation *** This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to ... read more
    • CVE-2021-23379
      Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: *** Pending translation *** This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to ... read more
    • CVE-2021-23376
      Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: *** Pending translation *** This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible ... read more
    • CVE-2021-23374
      Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: *** Pending translation *** This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible ... read more
    • CVE-2021-23380
      Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: *** Pending translation *** This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package ... read more
    • CVE-2021-23377
      Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: *** Pending translation *** This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible ... read more
    • CVE-2021-23378
      This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due ... read more
    • CVE-2021-23381
      This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the ... read more
    • CVE-2021-23379
      This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the ... read more
    • CVE-2021-23376
      This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due ... read more
    • CVE-2021-23380
      This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker ... read more
    • CVE-2021-23377
      This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due ... read more
    • CVE-2021-23374
      This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due ... read more
    • CVE-2021-23375
      This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due ... read more
    • CVE-2020-36195
      Severity: None. Published: 17/04/2021. Last revised: 17/04/2021. Description: *** Pending translation *** An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If ... read more
    • CVE-2021-3493
      Severity: None. Published: 17/04/2021. Last revised: 17/04/2021. Description: *** Pending translation *** The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file ... read more
    • CVE-2021-3492
      Severity: None. Published: 17/04/2021. Last revised: 17/04/2021. Description: *** Pending translation *** Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. ... read more
    • CVE-2020-2509
      Severity: None. Published: 17/04/2021. Last revised: 17/04/2021. Description: *** Pending translation *** A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to ... read more
    • CVE-2021-3492
      Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory ... read more
    • CVE-2021-3493
      The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to ... read more
    • CVE-2021-29451
      Severity: None. Published: 16/04/2021. Last revised: 16/04/2021. Description: *** Pending translation *** Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON ... read more
    • CVE-2021-29444
      Severity: None. Published: 16/04/2021. Last revised: 16/04/2021. Description: *** Pending translation *** jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm ... read more
    • CVE-2021-29445
      Severity: None. Published: 16/04/2021. Last revised: 16/04/2021. Description: *** Pending translation *** jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm ... read more
    • CVE-2021-29452
      Severity: None. Published: 16/04/2021. Last revised: 16/04/2021. Description: *** Pending translation *** a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow ... read more
    • CVE-2021-29446
      Severity: None. Published: 16/04/2021. Last revised: 16/04/2021. Description: *** Pending translation *** jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm ... read more
    • CVE-2020-36195
      An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. ... read more
    • CVE-2020-2509
      A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already ... read more

Strategic Efficiency Consortium Security Intelligence Reading and References – SEC Report

 

Reading and References

 

 

Competitive Intelligence – CI For Beginners Part 1: Insight Work

“Intelligence is a set of internal activities to help understand and influence corporate strategy, deals, competitors, markets, and customers.”
It is much easier to answer what intelligence work DOES — it provides a 360-degree view of the past, present, and potential futures for a particular set of problems. The typical definition says something like “Competitive Intelligence is the art of turning ethically-collected data into actionable insights and strategies”. However, I think this definition is a bit too theoretical — it lacks practicality and application…
Read More: https://security.strategicefficiency.org/competitive-intelligence-ci-for-beginners-part-1-insight-work/

 

 

Competitive Intelligence – CI For Beginners Part 2: Engaging the Process

How do we take this academic model of intelligence, and put it to work? …Each path you decide to take will come with its own learning curve and challenges, but ultimately, your outcome is 100% yours to create. That said, lots of people say “I do competitive intelligence!” and act like it exists in a silo. If we are brutally, completely honest, you will have absolutely zero understanding of the competitors if you don’t also understand your market and industries, your clients/customers and other sociological, economic, and political forces at play…
Read More: https://security.strategicefficiency.org/competitive-intelligence-ci-for-beginners-part-2-engaging-the-process/

 

 

Threat Intelligence, Information, and Data: What Is the Difference?

Key Takeaways

  • There’s a huge difference between threat data, information, and intelligence, and understanding the difference is essential to getting the most out of your threat intelligence platform.
  • As we progress from data to information to intelligence, the volume of outputs reduces while the value of those outputs increases.
  • Threat intelligence platforms produce data and information, which human analysts can use to produce actionable threat intelligence.
  • A computer can never produce threat intelligence, but humans are unsuited to the task of collecting and processing huge volumes of threat data.
  • Action must always be the end goal.
  • Threat intelligence is useless unless it can be used to improve cyber security.

Read More: https://security.strategicefficiency.org/threat-intelligence-information-and-data-what-is-the-difference/

 

 

SEC Security Data Services

This service is specifically designed to deliver well-defined deliverables that meet the critical intelligence demands of our client.
These critical intelligence demands span Technology, Information, Data, Positioning, Planning and Execution.
Client Intelligence Technology Information Data

  • client understanding of Intelligence Technology and Intelligence Information and Intelligence Data
  • client leverage of technology to process information relating to aspects of their operational environments
  • client use of information to contribute to their decision-making process; provide reasoned insight into future environments; increase information utility

Client Intelligence Positioning

  • client capability in anticipation and prediction of future environments and better defining differences in available courses of action
  • client depth of quantitative analysis and qualitative judgment and competing interpretation
  • client continuous examination of their intelligence needs
  • client definitions of goals, frameworks, quantifiable outputs and objectives
  • client focus on actionable intelligence creation

Client Intelligence Planning Execution

  • client types of intelligence – Warning; Current; General; Target; Scientific Technical; Counterintelligence; Estimative; Identity
  • client levels of intelligence – Strategic; Operational; Tactical
  • client principles of intelligence – Perspective; Synchronization; Integrity; Effort Singularity; Prioritization; Excellence; Prediction; Agility; Collaboration; Fusion

Read More: https://security.strategicefficiency.org/sec-security-data-services/

 

 

SEC Threat Intelligence as a Critical Organizational Need

The critical need for an evidence-based, automated, holistic approach to the threat landscape.
These are challenging times for security managers, with corporate boards demanding awareness of cyber risks, faster processing of progressively complex data and efficient managed services for more intelligent devices than ever before.
Ultimately, security teams are in a stronger position to defend their organizations against threats if they know what is coming in their direction; tools and staff are vital but should be augmented with intelligence.
Threat Intelligence is no longer only for large, well-funded organizations; it is required as a component of the mitigation strategy of every business that operates within this evolving technological environment. Economies of scale and the adaptability of solutions now allow small businesses to access credible threat intelligence sources based on an organization's profile and supply chain.
Critical data that used to be in a secured datacenter now moves across an increasingly complex ecosystem of networked environments, including IIoT, IoT, cloud servers, virtualized environments and mobile devices.
The rate of change in some enterprise environments is so rapid that many organizations are struggling to keep pace with the evolving nature of cyber threats or to ascertain what arises daily.
To build an effective cyber security strategy, an organization needs awareness of specific cyber threats as well as an analysis of how those threats affect the organization.
Threat Intelligence provides context, indicators, increased awareness and actionable responses about current or emerging threats that aid in decision making at an operational, tactical or strategic level.
Cyber adversaries are increasingly using sophisticated tools, techniques and procedures that evade stand-alone security solutions, with multiyear campaigns that target valuable and sensitive information.
Organizations need an evidence-based, holistic view of the threat landscape and a proactive security posture to defend against a wide array of threats: a Threat Intelligence-led cyber security program.

Read More: https://security.strategicefficiency.org/sec-threat-intelligence-as-a-critical-organizational-need-sec-report/

 

 

Security Work Group
Strategic Efficiency Consortium

 

Tags: SEC Corporate, SEC Security Intelligence, Threat Intelligence, Threat Intelligence Data, Threat Intelligence Information