User Rank: Author
1/8/2015 | 3:23:31 PM
I probably did sound contradictory in the comments you highlighted. Great catch. I did not do a good job in defining where I am talking about threat and where I am talking about data/applications.
In the first reference, I was referring to data and applications. In other words, you cannot protect all of your data and applications; you should aggressively segment and control access to your company crown jewels.
In the second reference, I am referring to threat. I am trying to coach CISOs and business owners to assume you are a target. Too many companies, like CodeSpaces, probably believe they are not a target because they do not have something of value to criminals (i.e. credit card data, electronic health records). Even in this case, these companies should still NOT try to protect their whole environment, especially if it is very complex or dynamic. They should still identify the company crown jewels and aggressively segment. In the use case of CodeSpaces, they might have been saved by 2-factor auth for their admin access to their cloud environment.
Hopefully that clears up the confusion, thanks for asking for clarification.