Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26333PUBLISHED: 2021-09-21An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.
CVE-2021-31917PUBLISHED: 2021-09-21
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and i...
CVE-2021-20829PUBLISHED: 2021-09-21Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page.
CVE-2021-20037PUBLISHED: 2021-09-21SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier.
CVE-2021-39229PUBLISHED: 2021-09-20
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a denial of service attack...
Enterprise Cybersecurity Plans in a Post-Pandemic WorldDownload the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
0 Comments
User Rank: Ninja
4/12/2018 | 12:45:04 PM
Though the article warns: "...while segmentation enhances an organization's security posture, it also adds complexity [more properly: complication] and costs... "; I think that assumes an outside-in, rather than a truly systemic implementation of the fact-based business rules specific to that organization, which should be used to determine segmentation and sequestering. Micro-segmentation of the network directed from an informational requirements-based mapping, ought to result in a less complicated (so less costly in terms of added infrastructure), and more importantly dynamically responsive (to dynamic organizational requirements), solution. This is, after all, a software-defined approach. It only makes sense to incorporate the application-specific informational requirements system design which is (or ought to be), already serving that organization.