Security CERT Global

    • Notice: announcement of maintenance of the "Incident Report Web Form" (2021/02/04)
    • CVE-2020-8570
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current ...
    • CVE-2021-21239
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic ...
    • CVE-2021-21238
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic ...
    • CVE-2020-26285
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which ...
    • CVE-2021-21253
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which ...
    • CVE-2020-26295
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to ...
    • CVE-2020-8554
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the ...
    • CVE-2020-8568
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability ...
    • CVE-2020-8567
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to ...
    • CVE-2020-8569
      Severity: None. Published: 21/01/2021. Last revised: 21/01/2021. Description: *** Pending translation *** Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot ...
    • ESB-2020.4102.2 – UPDATE [Cisco] Cisco Secure Web Appliance : Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2020.4102.2: Cisco Secure Web Appliance Privilege Escalation Vulnerability, 22 January 2021. AusCERT Security Bulletin Summary. Product: ...
    • ESB-2021.0261 – [Appliance] Mitsubishi Electric MELFA : Denial of service – Remote/unauthenticated
      AUSCERT External Security Bulletin Redistribution ESB-2021.0261: Advisory (icsa-21-021-04) Mitsubishi Electric MELFA, 22 January 2021. AusCERT Security Bulletin Summary. Product: Mitsubishi Electric ...
    • ESB-2021.0259 – [Win] Delta Electronics TPEditor: Execute arbitrary code/commands – Remote with user interaction
      AUSCERT External Security Bulletin Redistribution ESB-2021.0259: Advisory (icsa-21-021-02) Delta Electronics TPEditor, 22 January 2021. AusCERT Security Bulletin Summary. Product: Delta Electronics ...
    • ESB-2021.0257 – [Debian] drupal7: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.0257: Debian LTS Advisory DLA-2530-1, 22 January 2021. AusCERT Security Bulletin Summary. Product: drupal7. Publisher: Debian ...
    • ESB-2021.0260 – [Appliance] Honeywell OPC UA Tunneller: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.0260: Advisory (icsa-21-021-03) Honeywell OPC UA Tunneller, 22 January 2021. AusCERT Security Bulletin Summary. Product: Honeywell ...
    • ESB-2021.0258 – [Win] Delta Electronics ISPSoft: Execute arbitrary code/commands – Existing account
      AUSCERT External Security Bulletin Redistribution ESB-2021.0258: Advisory (icsa-21-021-01) Delta Electronics ISPSoft, 22 January 2021. AusCERT Security Bulletin Summary. Product: Delta Electronics ...
    • ESB-2021.0262 – [Win][Appliance] WAGO M&M Software fdtCONTAINER: Execute arbitrary code/commands – Existing account
      AUSCERT External Security Bulletin Redistribution ESB-2021.0262: Advisory (icsa-21-021-05) WAGO M&M Software fdtCONTAINER, 22 January 2021. AusCERT Security Bulletin Summary. Product: WAGO ...
    • CVE-2020-6776 (praesensa_firmware, praesideo_firmware)
      A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger ...
    • CVE-2021-21722 (zxv10_b860a_firmware)
      A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information ...
    • CVE-2020-6572 (chrome)
      Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. ...
    • CVE-2021-22166 (gitlab)
      An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method ...
    • CVE-2021-21009 (campaign_classic)
      Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request ...
    • CVE-2020-24639 (airwave_glass)
      There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete ...
    • CVE-2020-24638 (airwave_glass)
      Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as root ...
    • CVE-2021-0206 (junos)
      A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in ...
    • CVE-2021-0203 (junos)
      On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the ...
    • CVE-2021-0207 (junos)
      An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon receipt ...
    • CVE-2021-0202 (junos)
      On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB) interface is configured and it is mapped to a ...
    • CVE-2021-0208 (junos, junos_evolved)
      An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are ...
    • CVE-2020-8554
      Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, ...
    • CVE-2020-8569
      Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference ...
    • CVE-2020-8568
      Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file ...
    • CVE-2020-8567
      Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects ...
    • CVE-2020-8570
      Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which ...
    • CVE-2020-29495 (emc_avamar_server, emc_integrated_data_protection_appliance)
      DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution ...
    • CVE-2020-6777 (praesensa_firmware, praesideo_firmware)
      A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an authenticated remote attacker with admin ...
    • CVE-2020-29493 (emc_avamar_server, emc_integrated_data_protection_appliance)
      DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of ...
    • CVE-2020-29587 (simplcommerce)
      SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results ...
    • CVE-2021-0205 (junos)
      When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the ...
    • CVE-2021-0204 (junos)
      A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files ...
    • CVE-2020-35749 (simple_board_job)
      Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php. ...
    • CVE-2020-29494 (emc_avamar_server, emc_integrated_data_protection_appliance)
      Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the ...
    • WAGO M&M Software fdtCONTAINER
      This advisory contains mitigations for a Deserialization of Untrusted Data vulnerability in the M&M (a WAGO subsidiary) fdtCONTAINER application. ...
    • Delta Electronics TPEditor
      This advisory contains mitigations for Untrusted Pointer Dereference, and Out-of-bounds Write vulnerabilities in Delta Electronics TPEditor programming software for Delta text panels. ...
    • Delta Electronics ISPSoft
      This advisory contains mitigations for a Use After Free vulnerability in Delta Electronics ISPSoft PLC program development tool. ...
    • Honeywell OPC UA Tunneller
      This advisory contains mitigations for Heap-based Buffer Overflow, Out-of-bounds Read, Improper Check for Unusual or Exceptional Conditions, and Uncontrolled Resource Consumption vulnerabilities in Honeywell's OPC UA Tunneller software. ...
    • Mitsubishi Electric MELFA
      This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric's MELFA robot controllers. ...
    • CVE-2021-21238
      PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate ...
    • CVE-2021-21253
      OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat ...

Threat Intelligence could turn the tide against cybercriminals

Now that so many security tools generate alerts about possible threats, it is almost as if a dam has broken. So much unfiltered threat data is circulating that it becomes difficult, if not impossible, for any one person or even one organization to parse it all and find the nuggets relevant to their specific situation.

That is where Threat Intelligence comes into play. It is a relatively new concept that is still being defined and modified by the very companies that offer it, even as it becomes a cornerstone of many network defense plans. We got some hands-on training and testing with threat intelligence platforms from ThreatConnect, ThreatStream, Soltra, Arbor Networks and iSIGHT.

ThreatStream OPTIC
ThreatStream OPTIC, which starts at $50,000, is a very advanced program that can make sense of a nearly unlimited number of threat streams and then share intelligence within a select community of users.

ThreatConnect 3.0
ThreatConnect offers a free edition as well as three paid editions starting as low as $45,000. The number of features, the functionality and the chosen deployment model (private cloud, public cloud or on-premises) determine the price of each edition.

Arbor Networks Pravail Security Analytics
Pravail is likely one of the most useful threat intelligence tools for those who want to take an active role in network defense. Any organization with good analysts who are doing little other than reacting to threat alerts should consider Pravail. Pricing starts at $75,000.

iSIGHT Partners ThreatScape
Enterprise subscriptions are offered on a tiered basis for each of six distinct intelligence offerings branded as ThreatScape. Depending on the deployment configuration, prices start at $75,000 for one ThreatScape.

Source: Anomali

Tags: Cyber Threat Intelligence, Threat Intelligence, Threat Intelligence Platforms