I attended a business gathering the other day and someone asked me who our ideal customer would be. Our ideal customer is a small business owner that is concerned about cybersecurity, wants to do something about it, but doesn't know what to do.
The solutions we offer recognize that small businesses don't have endless dollars to throw at security. With that in mind, I love Thinkst Canaries but $5000 for two of them immediately pushes up against that cost barrier. As an alternative, we can use OpenCanary installed on some modest hardware and drive the cost down significantly.
In your arsenal of goodies, canaries are useful because unlike most other devices on the network which have thresholds, canaries alert off of a single hit. And for a good reason because there's no reasonable explanation why this box should be touched unless someone is up to no good.
Disclosure date: 9/5/19
CVE-2019-16059
Sentrifugo 3.2 and possibly before are affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.
You find a missing mapped drive and / or you attempt to map to a drive and you receive an error stating: "You can't connect to the file share because it's not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack."
"Textpattern is a free and open-source content management system based on PHP and MySQL, originally developed by Dean Allen and now developed by Team Textpattern. While it is often listed among weblogging tools, its aim is to be a general-purpose content management system suitable for deployment in many contexts."
As far as content management systems go, it's fairly simple to install and it's also quite intuitive if you've used any of the other systems out there. That said, it has a lot of little bugs that make me wonder what could be found if you really did a deep dive. Everything I found is on the authenticated side but some of it can impact the unauthenticated visitor.
Disclosure date: 09/12/19
CVE-2019-16238
Afterlogic Aurora v8.3.9-build-a3 and possibly before are affected by a cross site scripting vulnerability that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account.
Vendor notification date: 9/10/19
Vendor has acknowledged the vulnerability and plans to address this issue in the next build.
See mitigation information at the bottom of this post.
Read more: Afterlogic Aurora v8.3.9-build-a3 - XSS / Session Hijack
Disclosure date: 08/26/19
CVE-2019-15720
CloudBerry Backup v6.1.2.34 and possibly older versions are vulnerable to local privilege escalation via the Pre and Post backup action. With only user level access, the user can modify the backup plan and add a Pre backup action script which executes on behalf of NT AUTHORITY\SYSTEM.
Cloudberry Lab was notified of this vulnerability on 8/23/19 and acknowledged the issue in the subsequent days.
Read more: CloudBerry Backup v6.1.2.34 Local Privilege Escalation