Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21331PUBLISHED: 2021-03-03
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive info...
CVE-2021-27940PUBLISHED: 2021-03-03resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.
CVE-2021-21312PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/documen...
CVE-2021-21313PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not proper...
CVE-2021-21314PUBLISHED: 2021-03-03GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.
User Rank: Moderator
11/20/2019 | 1:28:27 PM
The use of direct links in emails so that initial link inspection creates a SAFE assessment, and then changing the linked file's content to malware later, means that antivirus and antimalware vendors need to implement a mechanism to spot linked content that was changed since it was last scanned. And then needs to rescan the linked file before allowing it to be opened by the user.
Obviously attackers will examine how linked file modification detection is performed and try to evade whatever algorithm is employed, so linked file change detection needs to be very robust.
The direct linked file attack could only work if attackers have read/write/modify file access permissions on the server that the direct link points to. This implies that there are more whitelisted public facing file servers that have been stealthily compromised in ways that antivirus/antimalware companies have not been detecting with their whitelisting scanners. And this failure of accurate whitelisting renders root of trust in antivirus scanners very problematic.
Uninstalling old, less-restrictive versions of PowerShell and configuring PowerShell to run in Constrained Mode seem like very prudent security preventative measures to take in every security domain. More details on how to do these two security steps, perhaps in another article, would go a long way to helping security professionals to take concrete actions to eliminate these actively exploited vulnerabilities.
I love your security articles, especially when they include actionable references to concrete security steps that reduce attack surfaces.