Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1172PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
CVE-2023-1469PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
CVE-2023-1466PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
CVE-2023-1467PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
CVE-2023-1468PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...
User Rank: Apprentice
9/25/2015 | 12:30:51 PM
I think that healthcare is unique in that there are a greater number of people who come in contact with sensitive information during the course of normal business operations than in other industries.
So, when you combine the number of people involved with handling multiple forms of PHI records, along with the immaturity of the data security systems and practices that are in place, there are so many opportunities for mistakes or
intentional breaches to take place.
The attraction of PHI is that its value does not degrade as rapidly as credit card data, which can be changed or updated quickly.
I recently read a study from Aberdeen Group that revealed "a steady increase in enterprise use of tokenization as an alternative to encryption for protecting sensitive data" and that half of the organizations are using data tokenization
for PII and PHI data. The name of the study is "Tokenization Gets Traction".
This is a short list of effective measures that I suggest organizations should take:
1. Fine-grained de-identification of both PII (Personally Identifiable Information) and PHI.
2. Fine-grained tokenization of PHI, to alleviate the need for plain-text data and exposure in-memory across the entire data flow.
3. Strong credentials, including password improvement and rotation, plus separation of duties to prevent privileged users, such as database administrators or system administrators, from accessing sensitive data.
Secure the data to the point that it is useless to a potential thief. Modern solutions such as tokenization provide better security than encryption, while retaining usability for analytics and monetization.
Ulf Mattsson, CTO Protegrity