Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31836 PUBLISHED: 2022-07-05
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcard values which can lead to cross directory risk.
CVE-2021-43116 PUBLISHED: 2022-07-05
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.
CVE-2022-2304 PUBLISHED: 2022-07-05
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-26365 PUBLISHED: 2022-07-05
Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33...
CVE-2022-30290 PUBLISHED: 2022-07-05
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the...
User Rank: Strategist
12/15/2014 | 12:50:16 PM
Vet your own internally-developed SIEM, firewall management, HIPS, and DLP solutions, e.g., OSSEC.
The article mentions a high signal-to-noise (SNR) ratio -- don't you mean low? The newest snort++ offers quite a lot of interesting functionality -- combine with a Passive DNS solution such as FarSight Security and/or internal solution such as Bro. Another way to raise SNR would be to implement STIX sharing (e.g., via TAXII-enabled solutions such as CRITs or Soltra Edge) with organization partners as well as other collaborators in your industry.
A comprehensive and constantly-maturing program built on a foundation such as the Cyber Operations Maturity Framework is the way to go given the increasing targeted-threat landscape. ISO 27000 or IT COBIT aren't going to cut it. Old frameworks just don't make the grade, so it's time to replace them.