Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A New Framework: Understanding Exposure Management

Savvy security leaders are moving from the legacy framework of vulnerability management to the emerging framework of exposure management because it solves their biggest challenges. The attack surface, which now contains cloud assets, distributed and mobile employees, and Internet of Things (IoT) integrated into every aspect of the workplace, is too complicated and changes too quickly to be managed with outdated methods and technologies.

Web Application Security: From Business Risk to Technical Defense

Web applications are many organizations’ primary point of contact with their customers, but they’re also one of their greatest vulnerabilities. Most web applications contain at least one exploitable vulnerability, and the repercussions of a successful exploit can be devastating for an organization or its customers. In this article Web application security focuses on identifying, remediating, and defending web applications to reduce an organization’s vulnerability to attack.

Security Alert Overload: Causes, Costs, & Solutions

In 2023, the Los Angeles Police Department responded to a series of triggered alarms at a GardaWorld cash storage warehouse in a suburban neighborhood in the San Fernando Valley. All thirteen were deemed to be false positives. In this article A year later, four more alarms rang at the same facility: one just before midnight on March 30th and the other three on Easter Day.

The Essential Guide to Vulnerability Management Tools

Vulnerability management programs attempt to identify and correct software vulnerabilities before they pose a significant threat to an organization’s cybersecurity. To learn more about how to design and implement a vulnerability management program, check out these resources: This article describes the tools that an organization will need to implement an effective vulnerability management program.

Emerging Threat: FortiJump (CVE-2024-47575)

CVE-2024-47575, also known as FortiJump, is a critical (9.8) missing authentication vulnerability affecting critical functions in FortiManager and FortiManager Cloud versions. Threat researcher Kevin Beaumont published a blog post on October 22nd, 2024 identifying this vulnerability as a zero day. This vulnerability is separate from CVE-2024-23113, which also affects FortiGate devices.

Emerging Security Issue: Fortinet FortiOS CVE-2024-23113

CVE-2024-23113 is a critical (9.8) Fortinet FortiOS vulnerability allowing remote, unauthenticated attackers to execute arbitrary code or commands using specially crafted requests. The flaw uses an externally-controlled format string vulnerability in the FortiOS fgfmd daemon.

Emerging Security Issue: Multiple Palo Alto Networks Expedition PAN-OS Firewalls Vulnerabilities

On October 9th, 2024, five vulnerabilities were disclosed by Palo Alto Networks: These vulnerabilities affect Palo Alto Networks Expedition, a tool that manages configuration migration from supported vendors to Palo Alto Networks systems.

Emerging Security Issue: Multiple CUPS Vulnerabilities

On September 26, 2024, four critical vulnerabilities, CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177, were disclosed in the open-source printing system Common Unix Printing System (CUPS) and its components. Attackers can leverage the remote code execution (RCE) and input validation vulnerabilities as part of an attack chain.

Six Signs that Exposure Management is Right for Your Organization

Whether you’re the CISO or part of the incident response team, it’s likely you have heard of exposure management (EM). Introduced by Gartner in 2022 as the evolution of vulnerability management (VM), the name “exposure management” was adopted by vendors faster than you can say “next gen” or “AI-powered”. Unfortunately for consumers the hype added more confusion than clarity. This blog is a chance to reset expectations.