CVE-2024-40766 is a critical (CVSS v3 score: 9.3) access control flaw. Its primary danger comes from the potential for providing unauthorized network access, both allowing attackers unfettered access to critical resources and, in some cases, giving attackers the ability to crash the firewall.

Effective asset management and rapid incident response are crucial for maintaining cybersecurity defenses. To address these needs, and building on its previous Vulnerability Response module integration, CyCognito has announced a new certified integration with ServiceNow’s Configuration Management Database (CMDB).

In the ever-evolving digital landscape, a robust exposure management strategy is critical to safeguarding a company’s assets.

The latest version of the Network and Information Security Directive (NIS 2) has severe implications for companies that provide services or carry out activities in the European Union (EU). NIS 2’s goal is to establish a higher level of security and cyber resilience for member EU states in 18 essential industry sectors. Violations can lead to substantial fines, legal liability and even criminal sanctions on an individual level.

Over 100,000 websites using a popular JavaScript service (polyfill.io) are now victims of a web supply chain attack. A web supply chain attack is a cyberattack is a type of software supply chain attack that targets a third-party web software component to gain access to an organization’s systems or data. These attacks can be difficult to prevent because they can be hard to detect, take advantage of trust, and have long-lasting effects.

I recently sat down with Daniel Maier-Johnson, the Chief Information Security Officer (CISO), and Markus Diehm, Cybersecurity Analyst, with Asklepios Kliniken GmbH, Germany’s second-largest private healthcare provider, to hear about their experience using CyCognito to gain continuous monitoring, prioritize cyber risks, and safeguard patient information. Vital to any healthcare organization, is keeping patient data safe while complying with an ever-growing number of government regulations.

Prioritization in vulnerability management is not just about fixing problems but fixing the right problems at the right time. Not all vulnerabilities have the same level of risk. But gathering details to understand vulnerability impact takes time, a huge challenge for already overworked staff. Many are forced to work backward, taking critical issues obtained from 3rd party sources like CISA KEV or a Reddit forum and then search for assets that it may apply to.

High-value data, mission criticality, and sheer numbers make web applications a compelling target for cyberattacks. According to Verizon’s 2023 Data Breach Investigations Report, web applications were the most commonly exploited vector in both incidents and breaches last year.1 There’s another reason why web applications may be so attractive to threat actors. Most security teams simply cannot keep pace with demands for application updates and patching, testing, and vulnerability remediation.

It feels like the number of security issues affecting vital internet-exposed assets is never-ending. No one can predict the next big vulnerability. But exposure management techniques can help prepare your organization for a wide range of issues by identifying, validating, and mobilizing your response to emerging threats. These processes also include validating fixes and issues, a well-documented mobilization process, and automatic scanning for high value assets.