Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What are your most important corporate assets? Like most companies, you probably have mission-critical assets and those that play a smaller role in your revenue and continuity. You are also likely to be using Vulnerability Management or Assessment tools to lock down where those assets can potentially be compromised. Vulnerability Prioritization combines asset importance and potential for risk.

Prioritization in vulnerability management is not just about fixing problems but fixing the right problems at the right time. Not all vulnerabilities have the same level of risk. But gathering details to understand vulnerability impact takes time, a huge challenge for already overworked staff. Many are forced to work backward, taking critical issues obtained from 3rd party sources like CISA KEV or a Reddit forum and then search for assets that it may apply to.

SolarWinds has recently addressed a critical security flaw, designated as CVE-2024-28995, in its Serv-U Managed File Transfer and Secure FTP software. This vulnerability, discovered by Hussein Daher, involves a directory traversal flaw that allows unauthenticated attackers to access sensitive files on the host system.

The digital supply chain refers to the chain of third-party digital tools, services and infrastructure that a company depends on for a particular first-party service (such as their website or SaaS platform). In an ever-changing digital landscape, supply chains can be brittle with many unseen risks. The nature of supply chain risk is transitive; any part of the often long and complicated digital supply chain can be compromised, causing all components downstream of it to also be compromised.

IONIX’s Cloud Cross-View (CCV) uses cloud integrations to broaden the scope of attack surface mapping and coverage beyond traditional methods of monitoring. CCV extends asset analysis to consider aspects that are specific to cloud environments. This complements CSPM and CNAPP solutions by enriching them with broader attack surface data obtained through IONIX’s EASM capabilities.

High-value data, mission criticality, and sheer numbers make web applications a compelling target for cyberattacks. According to Verizon’s 2023 Data Breach Investigations Report, web applications were the most commonly exploited vector in both incidents and breaches last year.1 There’s another reason why web applications may be so attractive to threat actors. Most security teams simply cannot keep pace with demands for application updates and patching, testing, and vulnerability remediation.

CVE-2024-24919 is a critical security vulnerability identified in Check Point Quantum Security Gateway, a widely used network security appliance. This vulnerability allows attackers to exploit the gateway, leading to the exposure of sensitive information. As a zero-day exploit, it presents significant risks to organizations relying on Check Point for their network security.

The digital supply chain refers to the chain of third-party digital tools, services and infrastructure that your company depends on for a particular first-party service (such as your website or SaaS platform). In an ever-changing digital landscape, supply chains can be brittle with many unseen risks. The nature of supply chain risk is transitive; any part of the often long and complicated digital supply chain can be compromised, causing all components downstream of it to also be compromised.

It is a proud and exciting day for me to announce that Bugcrowd has acquired Informer. On this momentous day, I can’t help but take a walk down memory lane, thinking about the past decade of hard work and innovation that led us to this moment. Ten years ago, I founded a specialist penetration testing business called The Security Bureau. As our client base grew, certain patterns emerged and it became clear that many organizations were unsure of exactly which assets were internet-facing.