Threat Advisory: ISC BIND 9.18.0 < 9.18.3 Assertion Failure (CVE-2022-1183)

Threat: Denial of Service via TLS Assertion Failure
Vulnerability: ISC BIND 9.18.0 < 9.18.3 Assertion Failure (CVE-2022-1183)
CVSS: 7.0 HIGH
Vulnerability Publication Date: 05/18/2022
Exploitable: Remotely
Description: BIND is the most widely used DNS server software. CVE-2022-1183 allows a TLS session to be terminated early, resulting in an assertion failure. BIND […]

What To Know About The Top 15 Exploited Vulnerabilities

A recent joint cybersecurity advisory from U.S. and allied cybersecurity authorities identified the top exploited vulnerabilities and exposures (CVEs) of last year. Of the 15 vulnerabilities that made the list, which we’ve placed below, it is interesting to see that 11 are from 2021. There are 4 other vulnerabilities identified in 2020 and earlier […]

Threat Advisory: Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-26809)

Threat: Remote Code Execution through Microsoft RPC
Vulnerability: Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-26809)
CVSS: 9.8 CRITICAL
Vulnerability Publication Date: 4/12/2022
Exploits Available: Most Likely
Description: Of the 128 vulnerabilities in Microsoft’s April patch, 10 have a critical severity but CVE-2022-26809 is raising the most concern. The vulnerability […]

Threat Advisory: Spring Framework Spring4Shell Vulnerability (CVE-2022-22965)

Threat: Remote Code Execution (RCE) in the Java Spring Framework
Vulnerability: Spring Framework Spring4Shell (CVE-2022-22965)
CVSS: 9.8 CRITICAL
Vulnerability Publication Date: 3/31/2022
Exploits Available
Description: The Spring4Shell Remote Code Execution vulnerability affects Apache Tomcat servers running JDK9+ with Spring library versions prior to 5.2.20 or 5.3.x prior to 5.3.18. After 26 years of […]

Cyber Advisory: Heightened Awareness Related to Russian Cyberattacks

As the Russian invasion of Ukraine progresses, a heightened awareness of the potential cyber activities associated with the spillover of Russian cyberattacks is necessary. Whether it is spillover effects from the cyberattacks in Eastern Europe or specific targeting of industries attributed to Russia, these pose risks to […]

Four Questions Your Board Will Ask You About Cyber Risk

Board members today are increasingly concerned with cybersecurity risks. Recent Gartner research found “Eighty-eight percent of Boards of Directors (BoDs) view cybersecurity as a business risk, as opposed to a technology risk, according to a new survey* from Gartner, Inc.” It’s not surprising given the […]

How Integrated Cyber Risk Management Helps Your Organization

In today’s world, organizations need accurate and complete visibility into their entire asset inventory, associated vulnerabilities, and threat landscape, including third-party risks, so they can understand their complete risk exposure and develop a plan for improved cyber risk management outcomes. The problem is, there are a lot of risk management solutions that claim to […]

Cyber Risk Scoring- The FortifyData Scoring Methodology

A cyber risk score is a benchmark score or rating of an organization’s level of risk exposure based on the liabilities related to cybersecurity and IT vulnerabilities. These vulnerabilities can include attack surface (external), internal vulnerabilities (patching, IOCs, port management, etc.), human and environmental risk, vendor/third party risk management processes and more. The cyber risk […]

How to Identify and Mitigate Risks Associated with Log4j Vulnerability

Most people know by now about the critical vulnerability in Log4j. The risk is that remote attackers can run arbitrary code on any application that uses Log4j, and the vulnerability is already being actively exploited. You can find additional information and resources about the vulnerability on the website here. There are 3 options available to mitigate […]