Please turn on your JavaScript for this page to function normally.

vulnerability management

patch
The future of vulnerability management and patch compliance

IT departments continue to face immense pressure to get vulnerability and patch management right as threat actors use new and old methods to exploit network endpoints. But are …

bug
70% of apps contain at least one security flaw after 5 years in production

Veracode revealed data that could save organizations time and money by helping developers minimize the introduction and accumulation of security flaws in their software. Their …

open source security
OSV-Scanner: A free vulnerability scanner for open-source software

After releasing the Open Source Vulnerabilities database (OSV.dev) in February, Google has launched the OSV-Scanner, a free command line vulnerability scanner that open source …

Intruder.io
Product showcase: The Intruder vulnerability management platform

Vulnerability scanning is a fundamental component of every good cyber security strategy – but it can be challenging to get right. Intruder created a vulnerability management …

Log4j
A year later, Log4Shell still lingers

72% of organizations remain vulnerable to the Log4Shell vulnerability as of October 1, 2022, Tenable‘s latest telemetry study has revealed, based on data collected from …

Oracle
Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)

A pre-authentication RCE flaw (CVE-2021-35587) in Oracle Access Manager (OAM) that has been fixed in January 2022 is being exploited by attackers in the wild, the …

CISA
SSVC: Prioritization of vulnerability remediation according to CISA

Given that 2021 was a record year for new vulnerabilities published and threat actors became better at weaponizing vulnerabilities, timely and well-judged vulnerability …

data
How can CISOs catch up with the security demands of their ever-growing networks?

Vulnerability management has always been as much art as science. However, the rapid changes in both IT networks and the external threat landscape over the last decade have …

CISA
CISA orders federal agencies to regularly perform IT asset discovery, vulnerability enumeration

A new directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) is ordering US federal civilian agencies to perform regular asset discovery and …

Hand
Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password …

Hand
Backlogs larger than 100K+ vulnerabilities but too time-consuming to address

Rezilion and Ponemon Institute announced the release of “The State of Vulnerability Management in DevSecOps,” which reveals that organizations are losing thousands of hours in …

Log4j
How to address the ongoing risk of Log4j exploitation and prepare for the future

“Vulnerable instances of Log4j will remain in systems for many years to come, perhaps a decade or longer,” the Cyber Safety Review Board (CSRB) has concluded. …

Don't miss

Cybersecurity news