Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Featured Post
cycognito

What Security Teams Need to Know About the EU's NIS 2 Directive

Oct 24, 2024 By Graham Rance, VP Global Pre-Sales In CyCognito
The deadline to get compliant with the EU's NIS 2 Directive is here. And this isn't just a minor update from its NIS 1 predecessor-it's a major expansion that carries with it new challenges and obligations. The directive now covers a whopping 300,000 organizations, up from just 20,000 under NIS 1. Sectors like aerospace, public administration, digital services, postal and courier services, and food production are now included. Organizations are classified into "essential" or "important" entities based on size and criticality to the economy.
Read Post
cycognito

Emerging Security Issue: Multiple Palo Alto Networks Expedition PAN-OS Firewalls Vulnerabilities

Oct 16, 2024 By Emma Zaballos In CyCognito
On October 9th, 2024, five vulnerabilities were disclosed by Palo Alto Networks: These vulnerabilities affect Palo Alto Networks Expedition, a tool that manages configuration migration from supported vendors to Palo Alto Networks systems.
Read Post
cycognito

Emerging Security Issue: Multiple CUPS Vulnerabilities

Oct 16, 2024 By Emma Zaballos In CyCognito
On September 26, 2024, four critical vulnerabilities, CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177, were disclosed in the open-source printing system Common Unix Printing System (CUPS) and its components. Attackers can leverage the remote code execution (RCE) and input validation vulnerabilities as part of an attack chain.
Read Post
cycognito

Emerging Security Issue: Fortinet FortiOS CVE-2024-23113

Oct 16, 2024 By Emma Zaballos In CyCognito
CVE-2024-23113 is a critical (9.8) Fortinet FortiOS vulnerability allowing remote, unauthenticated attackers to execute arbitrary code or commands using specially crafted requests. The flaw uses an externally-controlled format string vulnerability in the FortiOS fgfmd daemon.
Read Post
cycognito

Six Signs that Exposure Management is Right for Your Organization

Oct 14, 2024 By Jason Pappalexis In CyCognito
Whether you’re the CISO or part of the incident response team, it’s likely you have heard of exposure management (EM). Introduced by Gartner in 2022 as the evolution of vulnerability management (VM), the name “exposure management” was adopted by vendors faster than you can say “next gen” or “AI-powered”. Unfortunately for consumers the hype added more confusion than clarity. This blog is a chance to reset expectations.
Read Post
cycognito

Five Questions Your EASM Vendor Doesn't Want You to Ask

Oct 7, 2024 By Tim Matthews In CyCognito
With EASM now a critical piece of security operations, it seems like every vendor is jumping into the EASM pool. But not all EASM products are created equal. Companies in adjacent markets, like threat intelligence, are creating attack surface scanning products that are well short of enterprise grade. The shortcomings of these basic EASM products can waste time, erode confidence in security teams, and give an inaccurate picture of organizational risk.
Read Post
cycognito

Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594

Oct 1, 2024 By Emma Zaballos In CyCognito
CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine. The National Institute of Standards and Technology (NIST) has not yet evaluated this vulnerability’s CVSS score but HashiCorp assigned it a base score of 7.5 (high). An outside security researcher, Jörn Heissler, discovered an issue with the valid_principals field in Vault’s SSH secrets engine.
Read Post
cycognito

Emerging Security Issue: SolarWinds Web Help Desk CVE-2024-28987

Sep 30, 2024 By Emma Zaballos In CyCognito
CVE-2024-28987 is a critical (CVSS v3 score: 9.1) hardcoded credential vulnerability in the SolarWinds Web Help Desk (WHD) software. If exploited, this Java deserialization remote code execution (RCE) vulnerability allows attackers remote unauthenticated access to create, read, update and delete data on specific WHD endpoints.
Read Post
cycognito

Think your attack surface is covered? Let's look at the math.

Sep 30, 2024 By Jason Pappalexis In CyCognito
When it comes to security, organizations often consider themselves well-covered. But in today’s landscape, where cybersecurity threats evolve at breakneck speed, even the most well-prepared teams cannot afford to have testing gaps. The reality is that if your primary strategy for removing security testing gaps is tightening scanning policies or expanding penetration test scope, you are trying to patch a dam with bubble gum. Is your attack surface covered?
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.