Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196 PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185 PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView` class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187 PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194 PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web. The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879 PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
User Rank: Author
6/26/2017 | 5:54:00 AM
With so many data breaches making headlines in recent months, each new cyberattack is a business lesson not learnt and an opportunity to step up cyber security completely missed.
IT security is often in danger of being an issue that only the IT department cares about and can be seen by the C suite as a business cost that doesn't add to revenue streams. That is, of course, until a breach takes place and the costs of resolving the issues become very much the business leader's concern.
For business leaders, whether in the US or further afield, having more visibility of the cybersecurity risks happening daily in their company is vital to changing this attitude and preventing the cost of resolving breaches climbing even further.
There are currently software tools which can physically show activity which could lead to a breach taking place, whether this is unsafe password practices or general risky behaviour happening around the office in real time. But the truth is that IT security isn't just an 'as and when' requirement. Having effective security software isn't just valuable when a breach takes place. It can help the company remain competitive, close business deals and build trust with customers, partners and the supply chain.
In order to bring these statistics down across the board, IT teams need to encourage business leaders to see preventative IT security measures as a future-proofing investment, like a form of insurance. It's always better to be safe than sorry, but once a company has been the victim of a data breach, it's too late and the measures needed to resolve the issue will inevitably be complex, disruptive and costly.
http://www.isdecisions.com/why-management-should-care-IT-security/