CIO

NOVEMBER 17, 2022

This is especially true for content management operations looking to navigate the complexities of data compliance while getting the most from their data. IT professionals tasked with managing, storing, and governing the vast amount of incoming information need help. According to IBM , every day people create an estimated 2.5

Software Review 362

Software Review Cloud Software Technical Review 362

CIO

DECEMBER 20, 2022

Accidental misconfigurations pose one of the leading security vulnerabilities IT organizations contend with in the cloud. Development settings in production Imagine making changes in development, only to log off and realize you were in production, potentially breaking the application or locking users out.

Cloud 355

Cloud Firewall Storage Policies 355

CIO

DECEMBER 8, 2023

Increased security, productivity gains and enhancing innovation are among the reasons IT leaders are modernising their device fleets more frequently, new research reveals. Ease of management is another crucial driver. What’s more, they see an opportunity to improve the end-user experience and boost employee productivity.

Research 253

Research Strategy Hardware .Net 253

Tenable

FEBRUARY 22, 2024

The research firm’s latest report also provides market insights that security professionals can use to improve their vulnerability management strategy. ExposureAI will help summarize issues for customers around the significance of a discovered vulnerability in their environment and recommend how they should fix the issue.

Marketing 123

Marketing Machine Learning Artificial Inteligence IoT 123

OTS Solutions

JUNE 21, 2023

Enterprise applications have become an integral part of modern businesses, helping them simplify operations, manage data, and streamline communication. These applications are typically used to manage tasks such as human resources, accounting, and customer relationship management.

Compliance 246

Compliance Enterprise Applications Software Review 246

TechCrunch

MARCH 18, 2022

Mehul Revankar is a cybersecurity professional with over 15 years of experience in vulnerability management, policy compliance and security operations. He leads the product management and engineering functions for VMDR (Vulnerability Management, Detection and Response) at Qualys.

Study 219

Study Systems Review Compliance Policies 219

CIO

SEPTEMBER 7, 2023

As a fintech company, the reliability of our products and services is critical to ensuring that Discover® Financial Services customers can access their money, credit, and accounts when they need to. Like many other companies, Discover has adopted a product-centric approach where the responsibility for reliability sits with the product teams.

Guidelines 244

Guidelines Systems Review Technical Review Exercises 244

Tenable

APRIL 25, 2024

Frequently asked questions about CVE-2024-20353 and CVE-2024-20359, two vulnerabilities associated with “ArcaneDoor,” the espionage-related campaign targeting Cisco Adaptive Security Appliances. The campaign included the exploitation of at least two zero-day vulnerabilities. What are the vulnerabilities associated with ArcaneDoor?

Malware 61

Malware Analysis Groups Testing 61

Tenable

JANUARY 16, 2024

Two zero-day vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway have been exploited in the wild. Analysis CVE-2023-6548 is a RCE vulnerability in the NetScaler ADC and Gateway appliances. CVE-2023-6549 is a denial of service (DoS) vulnerability in the NetScaler ADC and Gateway appliances. and later releases of 13.0

Authentication 118

Authentication Network Internet Virtualization 118

CIO

OCTOBER 16, 2023

When considering a new terminal emulation solution, organizations tend to be concerned about the conversion impact — the duration of the migration, the end-to-end skills needed, the productivity outcomes that can be expected, and the impact of a rip and replace on day-to-day operations and employee morale.

Compliance 306

Compliance Authentication Windows Technical Support 306

CIO

JULY 17, 2023

Unless the model is understood and followed, it could lead to data, applications, and cloud workloads being exposed to security vulnerabilities. This can occur due to insecure configurations, inadequate access controls, or vulnerabilities in cloud storage or databases. Watch on-demand here. How is the cloud being attacked and why?

Cloud 246

Cloud How To Malware Open Source 246

CIO

JULY 11, 2022

For networking security leaders, too many blind spots in their network security operations means too many vulnerabilities. In this webcast, we’ll explore: The current trending threats facing networks, like authentication vulnerabilities, malware, phishing, and denial of service attacks. How a managed services partner can help.

Network 245

Network WAN Firewall Technology 245

TechCrunch

DECEMBER 15, 2022

Ian Swanson, the co-founder and CEO, said that the capital will be put toward product development and customer outreach as Protect AI emerges from stealth. Protect AI’s first product, NB Defense, is designed to work within Jupyter Notebook, a digital notebook tool popular among data scientists within the AI community. (A

Machine Learning 223

Machine Learning Artificial Inteligence Software Review Systems Review 223

Tenable

FEBRUARY 20, 2024

Frequently asked questions about two vulnerabilities affecting ConnectWise ScreenConnect Background The Tenable Security Response Team has put together this blog to answer Frequently Asked Questions (FAQ) regarding two vulnerabilities impacting ScreenConnect, a Remote Monitoring and Management (RMM) solution from ConnectWise.

Authentication 71

Authentication Research Cloud Data 71

Tenable

FEBRUARY 9, 2024

critical infrastructure through exploitation of known vulnerabilities Background On February 8, Fortinet published an advisory (FG-IR-24-015) to address a critical flaw in FortiOS, its network operating system. CVE Description CVSSv3 Severity CVE-2024-21762 Fortinet FortiOS Out-of-bound Write Vulnerability in sslvpnd 9.6

Malware 123

Malware Authentication Infrastructure Analysis 123

Tenable

MARCH 19, 2024

NIST has announced delays in the CVE enrichment process of its National Vulnerability Database (NVD), but the situation doesn’t impact Tenable VM customers because our vulnerability scoring is based on multiple sources. Our publicly available website [link] can be used as a source of truth for the latest CVE vulnerabilities.

Metrics 53

Metrics Analysis Research 53

Palo Alto Networks

SEPTEMBER 14, 2023

Palo Alto Networks Unit 42 illuminates some of the riskiest security observations around attack surface management (ASM) with the 2023 Unit 42 Attack Surface Threat Report. The report contrasts the dynamic nature of cloud environments with the speed at which threat actors are exploiting new vulnerabilities.

Report 124

Report Internet Cloud Network 124

Prisma Clud

APRIL 3, 2024

Mitigating CVE-2024-3094 By now you’ve likely heard about the vulnerability in XZ Utils Data Compression Library that impacted multiple Linux distributions ( CVE-2024-3094 ) and read the threat brief Palo Alto Networks Unit 42 posted. The following list of questions allows you to plan for a vulnerability like CVE-2024-3094.

Linux 52

Linux Policies Cloud Applications 52

Tenable

SEPTEMBER 11, 2023

Ransomware groups including LockBit and Akira are reportedly exploiting a zero-day vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances with VPN functionality enabled. Please note: Tenable’s Vulnerability Priority Rating (VPR) scores are calculated nightly.

Groups 121

Groups Report Authentication Software Review 121

Ivanti

APRIL 4, 2024

At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. This commitment includes enhancements to our vulnerability management program to better and more quickly identify and address potential issues in collaboration with the broader security ecosystem.

Policies 61

Policies Groups Programming Meeting 61

Tenable

OCTOBER 2, 2023

Progress Software patches multiple flaws in its WS_FTP Server product, including a pair of critical flaws, one with a maximum CVSS rating of 10 Background On September 27, Progress Software published an advisory for WinSock File Transfer Protocol or WS_FTP Server , a secure file transfer solution, addressing eight vulnerabilities.

Software Review 123

Software Review Software Systems Review Authentication 123

Tenable

APRIL 17, 2024

This CPU contains fixes for 239 CVEs in 441 security updates across 30 Oracle product families. Severity Issues Patched CVEs Critical 38 21 High 188 79 Medium 196 122 Low 19 17 Total 441 239 Analysis This quarter, the Oracle Commerce product family contained the highest number of patches at 93, accounting for 21.1%

Authentication 70

Authentication Construction Insurance Healthcare 70

Tenable

NOVEMBER 15, 2023

The Red Hat Vulnerability Scanner Certification for Tenable Nessus represents our commitment to continue providing customers with visibility into their Red Hat Enterprise Linux systems. Tenable is proud to announce that it has received the Red Hat Vulnerability Scanner Certification. The journey can be summarized in two parts.

Linux 73

Linux Testing Meeting Study 73

Tenable

MARCH 29, 2024

Has Tenable released any product coverage for these vulnerabilities? As of March 29, Tenable Research is investigating product coverage. A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-3094 as they’re released.

Linux 142

Linux Open Source Authentication Operating System 142

Ooda Loop

APRIL 17, 2024

Ivanti, an IT software company, recently released fixes for 27 vulnerabilities in its Avalanche enterprise mobile device management (MDM) product, including two critical-severity bugs allowing command execution.

Authentication 59

Authentication Mobile Enterprise Software 59

Tenable

MARCH 14, 2024

Fortinet warns of a critical SQL Injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code on vulnerable FortiClientEMS software. CVE Description CVSSv3 Severity CVE-2023-48788 Critical SQL Injection Vulnerability (or Improper neutralization of special elements in an SQL command) 9.3

Software Review 68

Software Review Systems Review Authentication Infrastructure 68

Tenable

OCTOBER 23, 2023

Tenable ranked first in multiple vulnerability management categories, including the most comprehensive coverage and quickest detection of CISA's Known Exploited Vulnerabilities, according to a Miercom report commissioned by Tenable. In 2022 alone, more than 25,000 new Common Vulnerabilities and Exposures (CVEs) were disclosed.

Technical Review 73

Technical Review Study Policies Report 73

Ivanti

APRIL 8, 2024

The constant stream of cybersecurity threats that organizations face—coupled with the very real impact they carry—have made the need for a robust IT risk management process painfully clear. In this concise IT risk management guide, we’ll cover: What is IT risk management? Five steps for risk management in IT.

How To 71

How To Technical Review Policies Software Review 71

Tenable

MARCH 29, 2024

The 52-page report, titled “ Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector, ” touches on cybersecurity and fraud protection; fraud threats; the regulatory landscape; and major challenges and opportunities. One of the bugs was exploited in the wild by the CL0P ransomware gang.

Systems Review 67

Systems Review Weak Development Team Banking System 67

Ooda Loop

APRIL 17, 2024

Armis, a cyber exposure management firm, has acquired Silk Security, a cyber risk prioritization and remediation company, for $150 million.

Company 59

Company 59

Tenable

OCTOBER 10, 2023

Microsoft addresses 103 CVEs including two vulnerabilities that were exploited in the wild. We omitted CVE-2023-44487 from our counts as this vulnerability was reported to MITRE and not Microsoft and does not exclusively affect Microsoft products. Details about this flaw are included in our analysis below.

Windows 117

Windows Software Review Azure Systems Review 117

Ivanti

MARCH 12, 2024

Post-patch Tuesday, two vulnerabilities that were resolved in the February update were found to be targeted by exploits in the wild. The two CVEs were Windows Kernel Elevation of Privilege vulnerability ( CVE-2024-21338 ) and Exchange Server Elevation of Privilege vulnerability ( CVE-2024-21410 ).

Windows 89

Windows Media Technology 89

Tenable

JANUARY 26, 2024

In such an environment, skills are critical,” writes Touhill, who was the U.S. federal government’s first CISO, appointed by former President Barack Obama. Rounding out the top 5 business risk rankings were business interruption; natural catastrophes; changes in legislation and regulation; and macroeconomic developments.

Artificial Inteligence 117

Artificial Inteligence Artificial Intelligence Weak Development Team Technical Advisors 117

Tenable

DECEMBER 10, 2021

CVE-2021-44228: Proof-of-Concept for Critical Apache Log4j Remote Code Execution Vulnerability Available (Log4Shell). Critical vulnerability in the popular logging library, Log4j 2, impacts a number of services and applications, including Minecraft, Steam and Apple iCloud. the vulnerability has arrived pic.twitter.com/XUR7I5ydpP.

Applications 143

Applications Research Report Games 143

Tenable

NOVEMBER 30, 2023

Want to get a lot more value out of your vulnerability scans? The scan configurations we observe in Tenable’s SaaS products are telling: our customers run unauthenticated scans 20 times more than authenticated ones. And there are certainly users who are unclear about how credentials work in the product. Why the substantial gap?

Authentication 74

Authentication Software Review SMB Systems Review 74

Tenable

JANUARY 23, 2024

Analysis CVE-2023-22527 is a template injection vulnerability in Atlassian Confluence Data Center and Server. This vulnerability only affects out-of-date versions of these products. We are detecting activity for CVE-2023-22527, which relates to a critical Atlassian Confluence Template Injection RCE vulnerability.

Data Center 70

Data Center Technical Advisors Data Report 70

Ivanti

OCTOBER 10, 2023

Apple had five zero-day vulnerabilities across most of their products culminating in their updates that were released on September 26th (which also included the EoL of Big Sur). Google and Mozilla continued to be busy with several zero-day vulnerabilities in the open-source library, Libwebp. They should be released next week.

Software Review 110

Software Review Linux Windows Azure 110