Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-22309PUBLISHED: 2022-05-24The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095.
CVE-2022-22495PUBLISHED: 2022-05-24IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941.
CVE-2020-4926PUBLISHED: 2022-05-24A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600.
CVE-2013-10002PUBLISHED: 2022-05-24
A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials. Upgradi...
CVE-2013-10003PUBLISHED: 2022-05-24
A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the database handler. The manipulation leads to sql injection. The exploit has been disclosed to the pu...
User Rank: Apprentice
12/15/2014 | 10:19:39 AM
In this paper I discuss how we specifi9cally must start sharing sanitized attack data with law enforcement and each other if we are to even have a chance of slowing down the attackers much less stopping them
My paper can be found here: https://www.sans.org/reading-room/whitepapers/warfare/defense-depth-impractical-strategy-cyber-world-33896
I am glad to see that there is a trend now to do what I have been advocating for with the FBI and others since 2011.
I refer to the threatscape we face as Sustained Cyber-Siege Defense:
Excerpt from my publication: (Ignore the numbering - the web page won't let me change it.)
Keystones of Sustained Cyber-Siege Defense:
i. Strip out company specifics, but share the data. In order for there to be success it is critical for IT Security Professionals to not only have accurate, actionable data, they must get it in a timely fashion as well.
i. All Malware should be identified by hash values and not the dozens of text based aliases seen today.