Managing the aftermath of the MOVEit Vulnerability
Here are steps to mitigate software supply chain risks and minimize the potential for data loss and other serious consequences from the MOVEit Vulnerability.
Penetration Testing vs Vulnerability Assessments: Understanding the Differences
Penetration testing and vulnerability assessments are two important components of any organization’s cybersecurity strategy.
4 Reasons risk-based prioritization better aligns with business objectives than CVSS prioritization
Organizations have been using CVSS scores to prioritize vulnerabilities, but risk-based prioritization considers the specific context of a business.
How Old Vulnerabilities Introduce Zero-Day Risks
Bad vulnerability management creates zero-day risks by allowing previously reported vulnerabilities to reappear as new.
You Can’t Patch What You Can’t See (Why Asset Discovery is an Essential Piece of Vulnerability Management)
The first step in effective vulnerability management is effective asset discovery — identifying and mapping all the assets in your environment.
Threat Advisory: Chromium Zero Day (MS Edge and Google Chrome)
The Chromium Zero Day Vulnerability (CVE-2022-2294) affects MS Edge and Google Chrome.
Threat Advisory: ISC BIND 9.18.0 < 9.18.3 Assertion Failure (CVE-2022-1183)
Threat: Denial of Service via TLS Assertion Failure. Vulnerability: ISC BIND 9.18.0 < 9.18.3 Assertion Failure (CVE-2022-1183). CVSS: 7.0 HIGH. Vulnerability Publication Date: 05/18/2022. Exploitable: Remotely. Description: BIND is the most widely used DNS server software. CVE-2022-1183 allows for a TLS session to be terminated early, resulting in an assertion failure. BIND […]
What To Know About The Top 15 Exploited Vulnerabilities
A recent joint cybersecurity advisory from U.S. and allied cybersecurity authorities identified the top exploited vulnerabilities and exposures (CVEs).
Threat Advisory: Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-26809)
Threat: Remote Code Execution through Microsoft RPC. Vulnerability: Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-26809). CVSS: 9.8 CRITICAL. Vulnerability Publication Date: 4/12/2022. Exploits Available: Most Likely. Description: Of the 128 vulnerabilities in Microsoft’s April patch, 10 have a critical severity, but CVE-2022-26809 is raising the most concern. The vulnerability affects […]
Threat Advisory: Spring Framework Spring4Shell Vulnerability (CVE-2022-22965)
Threat: Remote Code Execution (RCE) in the Java Spring Framework. Vulnerability: Spring Framework Spring4Shell (CVE-2022-22965). CVSS: 9.8 CRITICAL. Vulnerability Publication Date: 3/31/2022. Exploits Available. Description: The Spring4Shell Remote Code Execution vulnerability affects Apache Tomcat servers running JDK9+ with Spring library versions prior to 5.2.20 or 5.3.x prior to 5.3.18. After 26 years of […]