US-CERT Reports 17,447 Vulnerabilities Recorded in ...

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

lancop,
User Rank: Moderator
12/17/2020 | 12:58:37 PM

RE: record number of CVE Vulnerabilities in 2020

Interesting article, but I guess we shouldn't be surprised by the sheer number of CVE's in 2020.

Programmers are still not well trained in secure coding as the industry is more interested in quantity of code than security of code.

But the other problem is the actual elephant in the room: any computer or computer network that has internet access will forever be vulnerable and intrinsically insecure. Every networked device with an internet connection is either one or two user clicks away from compromise or just one determined Red Team's best efforts away from a successful breach. And we learn this lesson over & over again because we've become utterly dependent on an inherently insecure internet infrastructure.

This has become increasingly alarming because our personal information, intellectlual property, defense department data, financial information, and even the electronic door locks on our homes & businesses are all subject to remote attack and successful compromise. All the while, new internet connected products are released almost every day, and sales & marketing people run around selling "the cloud...the cloud". A cloud being a huge blindspot where almost anything could be happening that you won't see coming until the split second when it hits you.

So, we can make an educated guess and say with almost complete certainty that 2021 will report a new record number of CVE's. The beat goes on...

Reply | Post Message | Messages List | Start a Board

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

SecTor - Canada's IT Security Conference Oct 1-6 - Learn More

Black Hat USA - August 6-11 - Learn More

More Informa Tech Live Events

White Papers

Sumo Logic for Continuous Intelligence

Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal

AppSec Considerations For Modern Application Development

The Many Risks of Modern Application Development

Endpoint Detection Net Suite Use Cases

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

Improving Enterprise Cybersecurity With XDR

Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2022-31856
PUBLISHED: 2022-07-05

Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.

CVE-2022-32310
PUBLISHED: 2022-07-05

An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php.

CVE-2022-32311
PUBLISHED: 2022-07-05

Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.

CVE-2022-32413
PUBLISHED: 2022-07-05

An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file.

CVE-2022-34972
PUBLISHED: 2022-07-05

So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]