|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[EXT] CVE's for malware/backdoors
- To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Subject: [EXT] CVE's for malware/backdoors
- From: Kurt Seifried <kurt@seifried.org>
- Date: Fri, 4 Jan 2019 22:27:57 -0700
- Authentication-results: spf=softfail (sender IP is 198.49.146.235) smtp.mailfrom=seifried.org; lists.mitre.org; dkim=fail (signature did not verify) header.d=seifried-org.20150623.gappssmtp.com;lists.mitre.org; dmarc=none action=none header.from=seifried.org;
- Delivery-date: Mon Jan 7 07:40:57 2019
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seifried-org.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=oKam4Bf39tYtmZPB93kUxOEQRJ4s8vq8WEW2ngPo18g=; b=nTHp8q368Ah+a2q4/hcYs8dSqt5l/0QnT81l5RvsC/F+78fOU6lYpzpnlgVysWjTwE 8qCgeNQ0D1vUFEydnq6SXUJ/5bmnKNIHT6xCfKwx0UHgyuwIveYMAIYMAjwB7XsAw3CB 50dVzUskUsEoth+Xqkg7gRS8tBHyw243bZa7bSfxohCFecwUqZcfmtD15CojkHDXdy1U n3PLJ3p7+arENIwINDcx0a0sNPhhiZGpq5htV7UdVU/wB9oW2qornYM3JnR1zQueyjPF 4/lYXulvX+les74bpDzHaJVzV+kpG0nlzgNG4B0yWkaZgTF2ax5dslB+p1BbUFoTFQFT 8fFA==
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Please note I've already slipped a few in, e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000203
Also please read:
This type of attack will only become more common, it's the soft underbelly of OpenSource (dependancy chains a mile long, many of which are not actively maintained, or have someone who would happily hand over control to a trustworthy party). I think we need to officially include backdoors like this in scope, and also look at other malware types of activity (e.g. the stealing of data, is that not an exposure?).
--
Kurt Seifried
kurt@seifried.org
kurt@seifried.org
- Follow-Ups:
- Re: [EXT] CVE's for malware/backdoors
- From: Kurt Seifried <kurt@seifried.org>
- Re: [EXT] CVE's for malware/backdoors
- Next by Date: Re: [EXT] CVE's for malware/backdoors
- Next by thread: Re: [EXT] CVE's for malware/backdoors
- Index(es):