Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7164 PUBLISHED: 2019-02-20 SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
CVE-2018-20025 PUBLISHED: 2019-02-19 Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
CVE-2018-20026 PUBLISHED: 2019-02-19 Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
CVE-2018-9867 PUBLISHED: 2019-02-19 In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier.
CVE-2019-5780 PUBLISHED: 2019-02-19 Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
User Rank: Ninja
7/10/2018 | 8:47:22 PM
AlienVault are the folks behind Open Threat Exchange (OTX). It's one of the coolest communities out there based around threat data sharing and discussion. I jumped on board as soon as I had the opportunity. Part of what made this possible was AlienVault's then-independent status, and later collaboration with Intel and HP brought valuable real-time data into the mix. What if AT&T had acquired AlienVault in 2011? Would OTX have even been released, or would it have carried a hefty subscription fee?
I worry acquisition of forward-thinking cybersecurity firms like AlienVault could have a negative impact on projects like OTX. While not the same setup as AlienVault, I can't imagine what would become of RedTeam Security, for example, if Verizon were to acquire them. I hate to see my favorite cyber warriors getting snatched up, but out of respect for their founders I also wish them the best. We wouldn't be where we are today without them.