Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27581 (published 2021-03-05): The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
CVE-2021-28042 (published 2021-03-05): Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.
CVE-2021-28041 (published 2021-03-05): ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CVE-2021-3377 (published 2021-03-05): The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.
CVE-2021-3420 (published 2021-03-05): A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could cause an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.
User Rank: Strategist
3/31/2016 | 3:40:03 PM
The key is to verify that the (daily) backups are clean, as a means of early ransomware detection and preventing good backups from being overwritten. Nowhere do I see detailed advice on verifying backup integrity: a) How do you verify that a backup is not encrypted? Can it be automated, or would it need a human to detect encrypted data? b) Keep in mind databases, Exchange, Active Directory and data in non-readable formats.
One solution to automating the integrity check is to seed your data with known static data: static files, database records, a mailbox, etc. Only the seed data would need to be restored and checked against the expected value. But this would be a custom solution, not something off the shelf as far as I know. In fact, seed data could be copied (low-level copy to bypass ransomware hooks into the OS) to another system and checked against expected values even hourly, as an early warning system for ransomware. Has anyone tried this approach?
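As an added illustration of the seeding approach the comment proposes (constructed example code, not the commenter's or any vendor's; the seed file names, the 7.5 bits-per-byte entropy threshold and the tamper scenario are assumptions), a Python check that plants seed files, records their SHA-256 manifest once, and classifies each seed found in a restored copy as ok, missing, modified, or encrypted:

```python
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Expected-value fingerprint of a planted seed file."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plaintext sits well below 8, ciphertext approaches it."""
    n = len(data) or 1  # empty file -> 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) or 0.0

def build_manifest(seed_root: Path) -> dict:
    """Record expected hashes once, when the seed data is planted."""
    return {p.relative_to(seed_root).as_posix(): sha256_of(p)
            for p in sorted(seed_root.rglob("*")) if p.is_file()}

def check_seeds(backup_root: Path, manifest: dict, threshold: float = 7.5) -> dict:
    """Classify each planted seed as found in the restored backup."""
    status = {}
    for rel, expected in manifest.items():
        p = backup_root / rel
        if not p.exists():
            status[rel] = "missing"
        elif sha256_of(p) == expected:
            status[rel] = "ok"
        elif shannon_entropy(p.read_bytes()[:65536]) >= threshold:
            status[rel] = "encrypted"  # hash mismatch plus ciphertext-like bytes
        else:
            status[rel] = "modified"   # changed, but still looks like plaintext
    return status

def demo() -> dict:
    """Constructed scenario: plant seeds, take a 'backup', tamper with the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        seeds, backup = Path(tmp, "seeds"), Path(tmp, "backup")
        for rel, body in {"docs/canary.txt": b"static seed text\n" * 64, "db/record.csv": b"1,canary\n" * 64,
                          "mail/seed.eml": b"Subject: seed\n"}.items():
            (seeds / rel).parent.mkdir(parents=True, exist_ok=True)
            (seeds / rel).write_bytes(body)
        manifest = build_manifest(seeds)
        shutil.copytree(seeds, backup)
        (backup / "db/record.csv").write_bytes(os.urandom(4096))  # ransomware-like rewrite
        (backup / "mail/seed.eml").unlink()                        # seed silently dropped
        return check_seeds(backup, manifest)
```

The entropy test is only a hint that a changed seed now looks like ciphertext; as the comment suggests, the check is most useful when it runs on a separate host against restored data, with the manifest stored out of reach of the systems being backed up.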