Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29370 (PUBLISHED: 2021-04-13): A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-3460 (PUBLISHED: 2021-04-13): The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
CVE-2021-3462 (PUBLISHED: 2021-04-13): A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
CVE-2021-3463 (PUBLISHED: 2021-04-13): A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.
CVE-2021-3471 (PUBLISHED: 2021-04-13): ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
User Rank: Ninja
1/14/2015 | 9:19:49 AM
"Under the new standard we're proposing, companies would have to notify consumers of a breach within 30 days." As far as the notification timeframe is concerned, 30 days seems a bit long. Here is why I think that way. Confirmation of a breach may take more time than most people realize, given the many clever ways that leaves an organization without proper authorization; it could take days or weeks to confirm exfiltration. Further, it may take an even much longer time to even discover an intrusion. So an organization that has been breached has had plenty of time to gather information and compose a notification. In my opinion, the timeframe should be between 7-14 days.