Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-40480 (published 2023-02-08): Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet.
CVE-2022-45190 (published 2023-02-08): An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device.
CVE-2022-45191 (published 2023-02-08): An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values.
CVE-2022-45192 (published 2023-02-08): An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request.
CVE-2023-0718 (published 2023-02-08): The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this ...
User Rank: Strategist
6/23/2017 | 11:38:43 AM
Until a dedicated exchange or forum exists (besides the existing tools that mesh subscriber detections today) that anonymizes the reporting entity sources, we won't see any real open collaboration. The fundamental problem in this interchange model is that the closer you get to anonymity the farther you get from assurance and authenticity. Meaning, the reliability of threat articulation from an anonymous source is less than a vetted representative from "MegaCorp, LLC" proper. This could be overcome by an intermediate, sanctioned broker to ensure the reporting entity is genuine.
Until the exchange mechanism is sexy and "now" it won't work either. The threat intelligence collaboration and sharing service needs to solidly be edgy social media. Think "HackedIn" and not some cold, corporate or government offering that reads like RFCs and NIST documentation.
Until the threat intelligence interchange is highly automated, it won't be accepted. MegaCorp is not going to dedicate service agents or ongoing labor to the contributions nor consuming content. If the end-all solution doesn't facilitate fast-flux transactions in both directions and provide actionable output that itself can be automated, it won't be widely adopted.