The schema includes dozens of vulnerability listings for products including Microsoft Office, SharePoint, and SonicWall
A group of security researchers have put together a comprehensive schema to track common vulnerabilities of popular products. It’s an especially interesting resource because it visually documents how ransomware gangs are using weak points to leverage their way into popular networks and endpoints. The effort was first begun by Allan Liska, author of several tech guides, including one on ransomware defense.
The schema, shown above, includes dozens of vulnerability listings for products such as Microsoft SharePoint, Azure and Exchange, various VPNs, and a collection of SaaS tools.
One of the general Windows vulnerabilities is called the LSA Spoofing Vulnerability, which involves an issue with a remote procedure call that can gain authenticated access to a domain server. The CVE labels for each product show the Common Vulnerability Exchange number that is used to track these issues.
The LSA spoofing issue is cited as CVE 2021-36942, which means it was discovered this year and is one of the more than 36,000 issues that have already been cataloged during 2021. This year alone, ransomware attacks have leveraged Kaseya’s network access products, vulnerabilities in SonicWall products and various issues with Exchange servers, just to name a few. The latter was recently in the news with the Proxyshell Exchange exploits, which had three separate and related vulnerabilities.
The numbers are assigned by a group within Mitre, the consulting firm responsible for numerous open source and government security programs (such as STIX and TAXII standards). The CVE database now contains more than 160,000 different records. As you might imagine, running this program requires a huge amount of volunteer labor — there are six different working groups covering security automation, outreach, and quality assurance, composed of members from academia, industry, and government agency representatives.
The schema production shows the best of the infosec collaboration community. The fact that individual researchers put it together using a series of tweeted suggestions in a matter of a few days is immensely impressive.
The effort is complementary to another one that was produced earlier this year by the CISA agency, which published a seven-step ransomware mitigation guide. This is another resource that includes a wealth of advice related to ransomware attacks, including tips on when to consult with your incident response teams and when to bring law enforcement into the picture.
In one of the biggest leaks in video game history, a user on GTAForums posted 90 videos from a test build of Grand Theft Auto 6.
What's interesting about Uber's latest breach was the speed at which various publications provided coverage, how quickly Uber notified the world, and how much detail we already have about what happened.
The FBI has issued a public warning claiming that they have identified an increasing number of vulnerabilities posed by unpatched medical devices. The FBI's notice is a good reminder of how law enforcement might focus its attention in this area.