Making your organization’s attack surface lean and agile improves your cyber resilience and demotivates bad actors. The first step to avoid cyber attacks is to get your attack surface in order. The Sweepatic External Attack Surface Management (EASM) Platform is built to help you with building cyber resilience. It lists, structures and prioritizes observations by criticality. 67%

When a critical vulnerability in the printing system CUPS started raising alarms among security teams, Detectify had already entered war-room mode to address the situation. Within the day, customers could test whether they were vulnerable thanks to the rollout of a new scanning engine framework that reinvents how Detectify operates under the hood, allowing for a faster and more efficient response to security threats.

On November 18, 2024, Palo Alto Networks (PAN) released updated information on an actively exploited vulnerability impacting PAN-OS, the operating system that powers PAN firewalls. Originally disclosed last week as a remote command execution vulnerability, this flaw has now been reclassified as an authentication bypass flaw and assigned CVE-2024-0012.

While researching CVE-2024-38428 in GNU’s Wget, our team found a new 0-day vulnerability. The vulnerability, later assigned CVE-2024-10524, may lead to various types of attacks – including phishing, SSRF, and MiTM. These attacks can have severe consequences such as resource restriction bypass and sensitive information exposure. Upon discovering this vulnerability, our team responsibly disclosed it to the Wget maintainers. A patch was released on November 11 and is included in Wget 1.25.0.

On November 14, 2024, Palo Alto Networks disclosed five critical vulnerabilities in its Expedition configuration migration tool, a solution designed to simplify the migration of firewall configurations from third-party vendors to Palo Alto Networks’ PAN-OS infrastructure. These vulnerabilities—tracked as CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, and CVE-2024-9467—expose users to risks such as unauthorized access, data leakage, and system compromise.

On November 14, 2024, Palo Alto Networks (PAN) revealed that a critical unauthenticated remote command execution vulnerability is being actively exploited against internet-exposed firewall management interfaces. According to their security advisory, Prisma Access and Cloud NGFW are not impacted by this issue. A CVE has not yet been assigned to the vulnerability.

Go developers might need to use system commands for various scenarios, such as image manipulation, where they need to process or resize images or execute system commands to manage resources or gather metrics or logs. At other times, perhaps you are building a new system in Go that needs to interface with existing legacy systems. This interface leans on executing system commands and processing their output.

As organizations continue to embrace digital transformation, their infrastructure increasingly spans cloud environments, third-party integrations, and remote work setups. This shift enhances efficiency and productivity—but also broadens the digital attack surface, creating new points of exposure to the public internet.

Let’s take a look at how traditional vulnerability assessment (VA) tools compare to those built specifically to assess database security. General vulnerability assessment tools have been in use for more than 25 years, so the technology is mature. However, there are significant differences in the tools available and their specific purposes regarding database security management. Many VA solutions on the market offer general vulnerability assessments, focusing on a wide range of IT assets.