Tuesday, September 5, 2017

Malicious Authorized User

An interesting article I have just read talks about vulnerabilities in MongoDB. I'm not that savvy in the DB arena, but I know a thing or two about patching systems. The bottom line of that article is that "Organizations should have a documented patch management process, should scan for vulnerabilities and configuration mishaps, and discover and classify sensitive data and systems so they can properly lock them down."

I agree with that statement. I have just learned that companies put great effort into keeping the production segments of their network well protected, hardened and patched to the latest revision (once Microsoft has provided a security patch for XP, they are all safe); within the enterprise network, however, it is a different story. IT pays attention to the servers but ignores the workstations. A few days back, a SOC that I work with found that some 30% of an organization's workstations were running outdated software whose vulnerabilities had been documented in CVEs two to three years earlier. Did this report mean anything to IT? Not a bit, as they rely on their perimeter cyber barriers to protect them.
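The kind of check behind such a figure is simple to automate. The following is an added example, not code from the original post and not the SOC's tooling: it compares a constructed workstation inventory (host, product, installed version) against a constructed baseline of minimum fixed versions and reports which hosts run software below the baseline and what fraction of the fleet that is. The product names, version numbers and the inventory are hypothetical and refer to no real CVE.

```python
"""Flag workstations running software below a patched baseline.

Added example. The baseline and inventory below are constructed for
illustration; product names and versions are hypothetical.
"""
import re
from collections import defaultdict

# Constructed baseline: product -> first version that contains the fix.
# Hypothetical names and numbers, not real products or advisories.
BASELINE = {
    "pdfreader": "11.0.4",
    "archivetool": "5.50",
    "officesuite": "16.0.8",
}

# Constructed inventory export: one "host,product,version" record per line.
INVENTORY = """\
# host,product,installed_version
ws-001,pdfreader,11.0.4
ws-001,archivetool,5.40
ws-002,pdfreader,10.1.9
ws-002,officesuite,16.0.8
ws-003,archivetool,5.50
ws-003,officesuite,16.0.10
ws-004,pdfreader,11.0.10
ws-004,archivetool,5.52
ws-005,officesuite,15.0.4
ws-006,pdfreader,11.0.4
ws-006,archivetool,5.61
ws-007,pdfreader,11.1.0
ws-008,officesuite,16.0.9
ws-009,archivetool,6.0
ws-010,officesuite,16.0.8.0
ws-010,browser,60.0
"""


def parse_version(text):
    """Turn '11.0.10' into (11, 0, 10) so comparison is numeric.
    Comparing the strings would wrongly rank '11.0.10' below '11.0.4'."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def is_outdated(product, version):
    """True when the installed version is below the baseline fix version.
    Products absent from the baseline are not judged (no data, no claim)."""
    fixed = BASELINE.get(product)
    if fixed is None:
        return False
    installed = parse_version(version)
    required = parse_version(fixed)
    # Pad the shorter tuple with zeros so '16.0.8.0' equals '16.0.8'
    # instead of sorting after it.
    width = max(len(installed), len(required))
    installed += (0,) * (width - len(installed))
    required += (0,) * (width - len(required))
    return installed < required


def _records(inventory):
    """Yield (host, product, version) from the export, skipping comments."""
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, product, version = (field.strip() for field in line.split(","))
        yield host, product, version


def outdated_hosts(inventory=INVENTORY):
    """Return {host: [(product, installed, required), ...]} for every host
    with at least one package below the baseline."""
    findings = defaultdict(list)
    for host, product, version in _records(inventory):
        if is_outdated(product, version):
            findings[host].append((product, version, BASELINE[product]))
    return dict(findings)


def exposure_ratio(inventory=INVENTORY):
    """Fraction of inventoried hosts running at least one outdated package,
    the kind of figure a SOC report would quote for a fleet."""
    hosts = {host for host, _, _ in _records(inventory)}
    return len(outdated_hosts(inventory)) / len(hosts)


if __name__ == "__main__":
    for host, items in sorted(outdated_hosts().items()):
        for product, installed, required in items:
            print(f"{host}: {product} {installed} is below fixed {required}")
    print(f"{exposure_ratio():.0%} of workstations run outdated software")
```

The version comparison is the part worth getting right: string comparison or a float cast silently misorders multi-digit components and trailing zero components, which is exactly the kind of mistake that hides an unpatched host in an otherwise green report.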



They have probably never heard of the "malicious authorized user", the insider threat that can cause much more damage, allowing a payload to safely find the right exploit and spread itself across the entire network.

Credits:
Image source ipa.go.jp (here)
The article that triggered this post (here)