Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-25878 PUBLISHED: 2022-05-27
The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype.
This vulnerability can occur in multiple ways:
1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption ...
CVE-2021-27780 PUBLISHED: 2022-05-27
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
CVE-2021-27781 PUBLISHED: 2022-05-27
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.
CVE-2022-1897 PUBLISHED: 2022-05-27
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-20666 PUBLISHED: 2022-05-27
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
These vulnerabilities are due to insufficient va...
User Rank: Ninja
6/12/2017 | 11:28:03 AM
You see, similar to how one might set up a sweet server that is begging to be compromised to see what flies are attracted to the honey, I suspect the White House acts in a similar fashion. For anyone who has stood outside the White House, there is an almost inviting accessibility to the grounds. What better way to quickly assess who in the neighborhood has malicious plans than to present a honeypot like the White House?
Now, speaking of dwell time, those with budget could utilize this same concept to border their inner critical data with inviting honeypots that would attract both one-hit-wonders and dwellers. The key is for those who would dwell, by sitting in the honeypot they are hurting themselves by providing extended time for InfoSec pros to find them and end their squatting reign. Expense may come to mind, but I suspect the cost and maintenance of an ESX server with a host of VMs spun out to act as a honeypot shield would pay off more in the end for some companies than by just relying on automation.
Adding good automation to the mix would just seal the deal. With honey.