Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21427 PUBLISHED: 2021-04-21
Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of CVE-2021-21024. The vulnerability is patched in v...
CVE-2021-21426 PUBLISHED: 2021-04-21
Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework ...
CVE-2020-36324 PUBLISHED: 2021-04-21
Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.
CVE-2020-28973 PUBLISHED: 2021-04-21
The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can then be used to reconfig...
CVE-2021-29456 PUBLISHED: 2021-04-21
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to any...
User Rank: Strategist
6/23/2015 | 7:28:41 AM
Firewalls are still a critical part of a company's defences, and dismissing them as a relic from a bygone era is unhelpful. Yes, you need to consider the modern challenges of cloud and mobile working, but not at the expense of your firewalls. Issues such as company data on personal devices and Dropbox need to be addressed in addition to securing the network with firewalls, not instead of it.
I'm also tired of hearing people say that we should shrug our shoulders and accept that employees are going to keep company data on insecure personal devices regardless of company policies and so forth. Simply caving to the whims of users who don't care about security and expecting security professionals to work around them and find solutions is not good for anyone. Give your security policies some backbone and enforce them. Give your employees decent IT, at least as good as what they have at home, and make your security policies and guidance sensible and proportionate. Make mobile device management good enough to secure your data but not intrusive or onerous. If you do this there is no reason not to expect your users to work remotely in a sensible and secure manner.
Know how the cloud services you use secure your data. Know what they've got that's yours, where it is, how it is encrypted, backed up, how they'll handle a transfer if you change or quit their service, and so on.
None of this negates the need for firewalls. The firewall on its own won't keep you safe, but it's a key part of your defence in depth and you'd be foolish not to give it its due.