Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-34491PUBLISHED: 2022-06-25
In the RSS extension for MediaWiki through 1.38.1, when the $wgRSSAllowLinkTag config variable was set to true, and a new RSS feed was created with certain XSS payloads within its description tags and added to the $wgRSSUrlWhitelist config variable, stored XSS could occur via MediaWiki's template sy...
CVE-2022-29931PUBLISHED: 2022-06-25Raytion 7.2.0 allows reflected Cross-site Scripting (XSS).
CVE-2022-31017PUBLISHED: 2022-06-25
Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the serve...
CVE-2022-31016PUBLISHED: 2022-06-25
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated A...
CVE-2022-24893PUBLISHED: 2022-06-25
ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can resul...
User Rank: Author
3/29/2017 | 7:37:11 PM
I agree with your first statement, "humans will always be the easiest attack vector for hackers". But I have increasingly come to realize that your second statement, "we need to continue training users", is not the logical conclusion.
This may seem paradoxical at first: if humans are the weak link, why not train them? But as attacks become more and more sophisticated, the sheer effort of training will become unbearable -- and start paying off less and less. Similarly, as the number of versions of the attacks we see mushroom, it will be harder for regular mortals to keep things straight. And this is what is happening.
So what can we do to deal with the fact that humans are, and will remain, the easiest attack vector? We need software that reflects the perspective of the human victims. What makes people fall for attacks? If we can create filters that identifies what is deceptive -- to people -- then we hare addresssing the problem.
Am I talking about artificial intelligence? Not necessarily. This can be solved using expert system, machine learning, and combinations thereof. What I am really talking about is software that interprets things like people do, and then filters out what is risky. Can we call this "artificial empathy"?