Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31618PUBLISHED: 2021-06-15
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why...
CVE-2021-20027PUBLISHED: 2021-06-14A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.
CVE-2021-32684PUBLISHED: 2021-06-14
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, an...
CVE-2021-34693PUBLISHED: 2021-06-14net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
CVE-2021-27887PUBLISHED: 2021-06-14
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids ...
Latest Comment: This comment is waiting for review by our moderators.
The State of Cybersecurity Incident ResponseIn this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Tweet This
0 Comments
User Rank: Apprentice
5/28/2021 | 11:55:07 AM
We find that one of the best ways to increase overall employee engagement in the organization's security program, is to find ways to promote proactive behavior through gamification, management involvement, and meaningful KPIs KRIs built around the reaction/interaction to threats and potential threats. For example, when it comes to simulated phishing - instead of looking at click through rates as the key metric, organizations can focus on the proactive reporting of threats and the "see something, do something mentality" in order to create a more positive experience overall, thus improving employee willingness to engage in good habits, behavior and ultimately, changing one's identity with a more proactive inherent scrutiny in how they process and respond to information. Organizations who traditionally kneejerk enroll employees immediately after failing a phishing test tend to promote an adversarial relationship between IT and the work force. Although click through rates can provide some meaning information about areas of risk, incentives around the promotion of proactive behavior and employees becoming proactive cybersecurity citizens is one of the best ways to enhance engagement across a security awareness program and empower employees and teams to identify and stop threats.