Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20859PUBLISHED: 2021-12-01
ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-19...
CVE-2021-20860PUBLISHED: 2021-12-01
Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and ...
CVE-2021-20861PUBLISHED: 2021-12-01
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC...
CVE-2021-20862PUBLISHED: 2021-12-01
Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-175...
CVE-2021-20863PUBLISHED: 2021-12-01
OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GS...
How Data Breaches Affect the EnterpriseData breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
0 Comments
User Rank: Moderator
11/20/2019 | 1:28:27 PM
The use of direct links in emails so that initial link inspection creates a SAFE assessment, and then changing the linked file's content to malware later, means that antivirus and antimalware vendors need to implement a mechanism to spot linked content that was changed since it was last scanned. And then needs to rescan the linked file before allowing it to be opened by the user.
Obviously attackers will examine how linked file modification detection is performed and try to evade whatever algorithm is employed, so linked file change detection needs to be very robust.
The direct linked file attack could only work if attackers have read/write/modify file access permissions on the server that the direct link points to. This implies that there are more whitelisted public facing file servers that have been stealthily compromised in ways that antivirus/antimalware companies have not been detecting with their whitelisting scanners. And this failure of accurate whitelisting renders root of trust in antivirus scanners very problematic.
Uninstalling old, less-restrictive versions of PowerShell and configuring PowerShell to run in Constrained Mode seem like very prudent security preventative measures to take in every security domain. More details on how to do these two security steps, perhaps in another article, would go a long way to helping security professionals to take concrete actions to eliminate these actively exploited vulnerabilities.
I love your security articles, especially when they include actionable references to concrete security steps that reduce attack surfaces.