MITRE Update of Top Software Bugs

BleepingComputer reported today on an update to the MITRE list of top software attacks, bugs, and vulnerabilities. This list reports the “most common and dangerous weaknesses plaguing software throughout the previous two years”. The ranked list is based on scoring using Common Vulnerabilities and Exposures (CVE) data from 2019 and 2020 obtained from the National Vulnerability Database (NVD).

I found it interesting that OS command injection and path traversal both moved up the list into the top 10.  Those are two simple weaknesses that have been around for a long time.

The BleepingComputer article also referenced the US Cybersecurity and Infrastructure Security Agency (CISA) publication (May 2020) of the top 10 routinely exploited security vulnerabilities between 2016 and 2019 (Note: Link is to a PDF). That CISA top 10 list is a valuable resource for information and network defenders, as it calls out specific malware that you can then arrange your defenses (antivirus/anti-malware, firewall and IDS rules, SIEM reporting) around.

The Power of Facebook

Welcome to Ford’s Lab!

I recently changed my Facebook setting to point at ‘Ford’s Lab’.

This was an experiment on my part to see how quickly my fellow Facebook users would notice the change. I was sort of shocked that within the first hour a number of my friends had noticed and liked or commented on the change.

Note: I have not changed jobs.