Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19807 | PUBLISHED: 2019-12-15
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for ...
CVE-2014-8650 | PUBLISHED: 2019-12-15
python-requests-Kerberos through 0.5 does not handle mutual authentication
CVE-2014-3536 | PUBLISHED: 2019-12-15
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
CVE-2014-3643 | PUBLISHED: 2019-12-15
jersey: XXE via parameter entities not disabled by the jersey SAX parser
CVE-2014-3652 | PUBLISHED: 2019-12-15
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.
User Rank: Strategist
3/19/2015 | 2:50:30 AM
It appears he includes two-factor authentication as part of internal security, but in my mind it also can be authentication via a site on the web, like some banks are now supporting, which is external. It seems to me like the one other area internally is encryption of data at rest and data in transit (all internal network traffic).
The human layer is definitely the most vulnerable, but I don't agree that it is an intractable problem. "... Human beings are the most sophisticated detection devices you've got." - Another golden nugget from Mr. Straight.
He has a good point that the security industry is pushing for people to purchase more and more endpoint solutions out there, and the focus should be internal controls.
Thank you, Jason Straight