Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-10072PUBLISHED: 2023-02-04
A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address this...
CVE-2018-25079PUBLISHED: 2023-02-04
A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3...
CVE-2023-0671PUBLISHED: 2023-02-04Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.
CVE-2023-24806PUBLISHED: 2023-02-04** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2013-10017PUBLISHED: 2023-02-04
A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recom...
User Rank: Apprentice
12/15/2014 | 10:19:39 AM
In this paper I discuss how we specifi9cally must start sharing sanitized attack data with law enforcement and each other if we are to even have a chance of slowing down the attackers much less stopping them
My paper can be found here: https://www.sans.org/reading-room/whitepapers/warfare/defense-depth-impractical-strategy-cyber-world-33896
I am glad to see that there is a trend now to do what I have been advocating for with the FBI and others since 2011.
I refer to the threatscape we face as Sustained Cyber-Siege Defense:
Excerpt from my publication: (Ignore the numbering - the web page won't let me change it.)
Keystones of Sustained Cyber-Siege Defense:
i. Strip out company specifics, but share the data. In order for there to be success it is critical for IT Security Professionals to not only have accurate, actionable data, they must get it in a timely fashion as well.
i. All Malware should be identified by hash values and not the dozens of text based aliases seen today.