vulnerability management

SSVC: Prioritization of vulnerability remediation according to CISA
Given that 2021 was a record year for new vulnerabilities published and threat actors became better at weaponizing vulnerabilities, timely and well-judged vulnerability …

How can CISOs catch up with the security demands of their ever-growing networks?
Vulnerability management has always been as much art as science. However, the rapid changes in both IT networks and the external threat landscape over the last decade have …

CISA orders federal agencies to regularly perform IT asset discovery, vulnerability enumeration
A new directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) is ordering US federal civilian agencies to perform regular asset discovery and …

Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password …

Backlogs larger than 100K+ vulnerabilities but too time-consuming to address
Rezilion and Ponemon Institute announced the release of “The State of Vulnerability Management in DevSecOps,” which reveals that organizations are losing thousands of hours in …

How to address the ongoing risk of Log4j exploitation and prepare for the future
“Vulnerable instances of Log4j will remain in systems for many years to come, perhaps a decade or longer,” the Cyber Safety Review Board (CSRB) has concluded. …

The enemy of vulnerability management? Unrealistic expectations
Organizations vary by size, industry, level of maturity, but one thing that they all have in common is needing to know how to quickly remediate security vulnerabilities. As an …

Why are current cybersecurity incident response efforts failing?
Business-critical applications, such as enterprise resource planning (ERP) systems provided by SAP and Oracle, are considered the crown jewels of the enterprise. These assets …

The 15 most exploited vulnerabilities in 2021
In 2021, threat actors aggressively exploited newly disclosed critical software vulnerabilities to hit a broad set of targets worldwide, says the latest advisory published by …

CISA adds Spring4Shell to list of exploited vulnerabilities
It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …

Log4Shell exploitation: Which applications may be targeted next?
Spring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from …

Why a modern vulnerability management strategy requires state-of-the-art solutions
In this interview with Help Net Security, Stephen Carter, CEO at Nucleus Security, explains the importance of having a vulnerability management strategy within an …