Inadequate tools leave AppSec fighting an uphill battle for cloud security
AppSec teams are stuck in a catch-up cycle, unable to keep up with the increasingly rapid, agile dev pace, and playing security defense via an endless and unproductive …
vulnerability management
CISOs struggle to manage risk due to DevSecOps inefficiencies
As their hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production …
Study of past cyber attacks can improve organizations’ defense strategies
Ransomware operators have been increasingly launching frequent attacks, demanding higher ransoms, and publicly exposing victims, leading to the emergence of an ecosystem that …
The era of passive cybersecurity awareness training is over
Despite increased emphasis on cybersecurity from authorities and high-profile breaches, critical gaps in vulnerability management within organizations are being overlooked by …
Top 5 security risks for enterprise storage, backup devices
An average enterprise storage and backup device has 14 vulnerabilities, three of which are high or critical risk that could present a significant compromise if exploited, …
CISA warns CI operators about vulnerabilities on their networks exploited by ransomware gangs
Organizations in critical infrastructure sectors whose information systems contain security vulnerabilities associated with ransomware attacks are being notified by the US …
The future of vulnerability management and patch compliance
IT departments continue to face immense pressure to get vulnerability and patch management right as threat actors use new and old methods to exploit network endpoints. But are …
70% of apps contain at least one security flaw after 5 years in production
Veracode revealed data that could save organizations time and money by helping developers minimize the introduction and accumulation of security flaws in their software. Their …
OSV-Scanner: A free vulnerability scanner for open-source software
After releasing the Open Source Vulnerabilities database (OSV.dev) in February, Google has launched the OSV-Scanner, a free command line vulnerability scanner that open source …
Product showcase: The Intruder vulnerability management platform
Vulnerability scanning is a fundamental component of every good cyber security strategy – but it can be challenging to get right. Intruder created a vulnerability management …
A year later, Log4Shell still lingers
72% of organizations remain vulnerable to the Log4Shell vulnerability as of October 1, 2022, Tenable‘s latest telemetry study has revealed, based on data collected from …
Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)
A pre-authentication RCE flaw (CVE-2021-35587) in Oracle Access Manager (OAM) that has been fixed in January 2022 is being exploited by attackers in the wild, the …