Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2287PUBLISHED: 2022-07-02Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-34911PUBLISHED: 2022-07-02
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the usern...
CVE-2022-34912PUBLISHED: 2022-07-02An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.
CVE-2022-34913PUBLISHED: 2022-07-02** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the product is not intended for untrusted input.
CVE-2022-2286PUBLISHED: 2022-07-02Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
User Rank: Ninja
6/25/2019 | 10:53:56 AM
Write-Host " "
Write-Host "Block Triton ICS Port 39929"
Write-Host "-------------------------------"
$Name = "Triton-ICS-Attack-Port-39929"
$Triton = (Get-NetFirewallRule -DisplayName $Name)
$TPort = (Get-NetFirewallrule -DisplayName $Name | Get-NetFirewallPortFilter).LocalPort
if ( ( ($Triton).DisplayName -eq $Name) -And ($TPort -eq 39929) ) {
Write-Host $Name "exists - ok"
} else {
New-Netfirewallrule -Action Block -Enabled True -Direction Inbound -LocalPort 39929 -RemoteAddress Localsubnet -Name $Name -Profile Any -Protocol TCP -DisplayName $Name -RemotePort Any -Description "Triton-ICS-Attack-Port-39929"
Get-NetFirewallRule -Name $Name
}
Antivirus Entry - Go to antivirus and program the software to look for "imain.bin, inject.bin and trilog.exe". Also, I recommend using Comodo HIDS or other software solutions that initiate system baselines. If the system identifies any changes, then the application would stop the file from executing if it was considered nefarious.
From a linux standpoint:
iptables -I INPUT 1 -p tcp -m multiport --dport 39929 -m conntrack --ctstate NEW,ESTABLISHED -j DROP (iptables FW that tracks and Drops the port)
or
ufw allow in proto tcp from 0.0.0.0/0 to 0.0.0.0 port 39929 comment "Triton Blocked Port" (UFW Firewall Entry)
Download chkrootkit and/or rkhunter on the Linux/Unix machines to help find this potential problem.
Todd S,
Enterprise Architect
https://itotsnetworks.com