Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15864PUBLISHED: 2021-01-17An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page.
CVE-2021-3113PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162PUBLISHED: 2021-01-15Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
User Rank: Strategist
12/20/2018 | 12:10:07 PM
Our goal then, should be to make it harder to use this data to impersonate someone. It is far too easy to pretend to be another person, by having pieces of key data, to steal money. We all love the convenience of online commerce, but this problem is the price we pay. Years ago (many years), I was in the military. In order to pay with a check anywhere on base, my check had to have the following printed on it; my full name, my social security number (yes, that!), my address, my phone number, and my military unit designator. But in the 1980s, it wasn't worthwhile to steal that information to impersonate me. Lots of effort for little gain. But now, a threat actor can steal information for thousands, or millions, of people and use it to impersonate them for financial gain. Maybe just $10 per identity on average, but that's a lot of money at scale.
We wouldn't have to protect this type of information if it wasn't so useful to those who would use it to impersonate others for illicit financial gain. We need to find a better way to assure the identity of both parties in virtual transactions. Then, all of this data that we spend billions trying to protect would become generally useless and we wouldn't have to protect it. Maybe we should be spending our money on a cure rather than salves for the symptoms.