Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

ASM

Exploited! NuPoint Unified Messaging (NPM) Component of Mitel MiCollab

The NuPoint Unified Messaging (NPM) module in Mitel MiCollab versions up to 9.8 SP1 FP2 (9.8.1.201) is vulnerable to a path traversal attack caused by insufficient input validation. This vulnerability could be exploited by an unauthenticated attacker to gain unauthorized access to sensitive files, potentially allowing them to read, alter, or delete user data and critical system settings. The Mitel MiCollab Arbitrary File Read Vulnerability combines CVE-2024-41713 with another yet-to-be-assigned issue.

CTEM: The Strategic Imperative for Modern Security Operations

The field of IT security has never been more complex or demanding. As organizations race to adopt digital technologies and modernize their infrastructures, they inadvertently create chaos that overwhelms security teams. This chaos is driven by three critical vectors: the rapid expansion of the attack surface, continual changes to existing assets, and the relentless emergence of new security threats.

The Complete Guide to Attack Surface Analysis: From Mapping to Mitigation

Attack surface analysis is the process of mapping out an organization’s attack surfaces. These consist of the set of attack vectors that an attacker could use to target an organization. Organizations have both external and internal attack surfaces. An external attack surface includes all potential attack vectors that could be used to gain initial access to an organization’s environment from the public Internet.

From Assessment to Implementation: Attack Surface Reduction Guide

An attack surface is the sum total of all the various ways that a cyber threat actor could attack an organization. This includes everything from software vulnerabilities, like SQL injection, to lost and stolen devices to social engineering attacks against the organization’s employees or third-party partners. An organization’s overall attack surface can further be divided into its external and internal attack surfaces.

Gift or Grift? How Retailers Can Combat Cyber Threats This Season

A lot goes into deciding what to buy during the holiday shopping season – shipping times, sale prices, and finding the perfect gift for your niece (who is impossible to shop for) are likely to be at the top of your mind. Unfortunately, attackers are counting on that. An attacker’s best friend is urgency and Black Friday kicks off a perfect season for them.

Emerging Threat: Palo Alto PAN-OS CVE-2024-0012 & CVE-2024-9474

On November 18, 2024, Palo Alto Networks (PAN) fully disclosed two serious vulnerabilities in PAN-OS software that had previously been partially disclosed on November 8th. The first vulnerability, CVE-2024-0012, is a critical severity (9.3) authentication bypass in the PAN-OS management web interface. It allows unauthenticated attackers with network access to gain administrator privileges by bypassing the authentication check entirely, essentially telling the server not to check for authentication at all.

Exploitable! CVE-2024-0012 Authentication Bypass for PAN-OS

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges and perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474.

IONIX Launches Cloud Exposure Validator: Bringing CTEM to Cloud Security

IONIX today announced the release of our Cloud Exposure Validator, a tool designed to reduce cloud vulnerability management noise shifting focus to findings that represent the biggest threats. The Validator addresses the growing challenges organizations face in managing cloud security risks effectively. This blog post explains how.

How to Budget for EASM

External Attack Surface Management, or EASM, has become a necessary component of a proactive cybersecurity strategy. According to research from Enterprise Strategy Group, over 65% of breaches stem from a compromised, externally exposed asset, so knowing your attack surface is key to avoiding breaches. Gartner, for this reason, is recommending EASM as a key pillar in the new approach to proactive security they call Exposure Management.