Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7856PUBLISHED: 2021-04-20A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
CVE-2021-28793PUBLISHED: 2021-04-20vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
CVE-2021-25679PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed....
CVE-2021-25680PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only...
CVE-2021-25681PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The aff...
User Rank: Apprentice
2/17/2016 | 6:58:17 PM
From fake 'demo' disks for 5 1/4" drives to downloads off websites, it's the employee that is the primary entry point for attacks.
How do you educate your employees? How do you justify this kind of training to management? Well, good luck.
Most managers are unaware of the vlunerability of thier groups/division/organization's staff to these attacks. And you will be marked down as a Chicken Little if you push the problem in an open forum.
The best way is to include training and warnings for new hires - it's an 'inoculation' process.
This leaves the 'old guard' to educate - and they are often the most vlunerable. The person who deals with appointments for salespeople, the person who answers the phone (and, by the way, gets all the undeliverable emails....).
Filtering/deleting all the undeliverable emails is a good first line of defense - or you can divert these messages to someone who has more familarity with attacks. But this drains your resources - better to just trash the undeliverables.
But many institutions have staff who have been there since before cell phones were invented - how do you deal with them? I have tried many times and found the 'gaming' strategy works best - build up a collecton of attacks and make it into a game - tell them it's something to play with. When they fall for an attack don't scold, explain. Remember the old country doctor whose 'bedside manner' could settle most problems? Take that approach - you are often the new person on the staff teaching the person with the longest tenure - be humble and explain, explain, explain. If they don't understand it's not their fault - it's yours. Try another approach - you CAN make it work.
And - best of luck.
wb