User Rank: Strategist
11/21/2016 | 10:10:36 AM
That being stipulated, it should be rather easy to have the OS, or any OS, monitor activities for encryption and notify users of questionably nefarious activities.
Online game makers have long ago created CPU process monitors to prevent realtime game 'cheating'.
The function is simple to understand: monitor for encryption code running in the CPU rather than the contents of an executable. Then stop it unless the user permits. Otherwise send it to AV for cleanup. Building it is a bit more complex, as was the one my firm built for a client. Really the CPU resources and disk activity of full disk encryption are really easy to detect.
Ransomware exists because we make computers with an interface nontechnical people can use. It wouldn't live very long in a command line OS. Holding users responsible for their failures just adds more stuff people will ignore. It is the responsibility of the service, software or vendor to protect the user.
As an analogy: If you rent a hotel room for a night, go to dinner and your door doesn't lock, and someone comes in and spray paints the room and your possessions, who is ultimately responsible for the loss? You as temporary renter of the service, or the security of the hotel?
We need legislation to clearly identify responsibility and the limits of that responsibility.
Still, it is a problem that technology created, one that is beyond the technical expertise of most users, and one that is solvable through intelligent technology.