vulnerability management

Financial consequences of ignoring security debt in 2024

Posted on by Admin
Financial consequences of ignoring security debt in 2024

For years, large organizations have leaned on the assurances provided by their software suppliers’ certifications such as SOC 2 and ISO27001, assuming certifications meant that vendors’ security measures were up to par. However, due to a recent shift in hackers focus the spotlight is now turned towards the software supply chain. If it wasn’t crystal clear, then it is now: vendors’ vulnerabilities aren’t just theirs — they’re yours too. What might have once seemed like…

Read More

Report: Organisations Have Endpoint Security Tools But Are Still Falling Short on the Basics

Posted on by Admin
Report: Organisations Have Endpoint Security Tools But Are Still Falling Short on the Basics

Most IT and security teams would agree that ensuring endpoint security and network access security applications are running in compliance with security policies on managed PCs should be a basic task. Even more basic would be ensuring these applications are present on devices. And yet, many organisations still fail to meet these requirements. A new report from Absolute Security, based on anonymised telemetry from millions of mobile and hybrid PCs that run its firmware-embedded solution,…

Read More

Misconfigurations drive 80% of security exposures

Posted on by Admin
Misconfigurations drive 80% of security exposures

A report from XM Cyber analyzes more than 40 million exposures in order to provide a thorough understanding of the current exposure landscape. The report found that 80% of exposures are caused by identity and credential misconfigurations. Out of these exposures, one-third of them put critical assets at risk of a breach. According to the report, a majority of the exposure is within an organization’s active directory, a critical component for connecting users to network…

Read More

Benefits of Ingesting Data from Amazon Inspector into Cisco Vulnerability Management

Posted on by Admin
Benefits of Ingesting Data from Amazon Inspector into Cisco Vulnerability Management

Co-authored by Tejas Sheth, Sr. Security Specialist, Amazon Web Services – AISPL. Risk-based Vulnerability Management (RBVM) represents a strategic approach to cyber security that focuses on identifying and prioritizing vulnerabilities based on the potential risk they pose to an organization. This approach builds upon traditional vulnerability management, which often involves scanning for and patching all vulnerabilities without considering their actual impact on the business. In RBVM, vulnerabilities are evaluated based on factors like the criticality…

Read More

Enhanced Cybersecurity with Cisco Secure Endpoint and Vulnerability Management

Posted on by Admin
Enhanced Cybersecurity with Cisco Secure Endpoint and Vulnerability Management

Organizations these days face the daunting challenge of effectively prioritizing and responding to security risks and incidents. The combination of Cisco Secure Endpoint and Cisco Vulnerability Management form a powerful automated solution, enabling you to detect, prioritize and manage endpoint vulnerabilities, beginning with the most severe ones. There are two integrations available to help address critical aspects of security, both pre- and post-incident, which not only enhance incident response, but also fortify preventative measures. Post-Incident:…

Read More

Using Data Connectors for a Consolidated View of Risk in Cisco Vulnerability Management   

Posted on by Admin
Using Data Connectors for a Consolidated View of Risk in Cisco Vulnerability Management   

Protecting your organization against cyber threats is a top priority. It’s no secret that data breaches and security vulnerabilities can wreak havoc on businesses. The key to safeguarding your organization? Understanding your risk landscape and taking proactive measures to protect your assets. In this blog post, we’ll dive into Cisco Vulnerability Management’s ability to ingest asset, vulnerability, and fix data from third-party security tools, providing you with a centralized view of risk for effective prioritization…

Read More

Cisco Vulnerability Management Named a Leader in Omdia Universe: RBVM Solutions, 2023

Posted on by Admin
Cisco Vulnerability Management Named a Leader in Omdia Universe: RBVM Solutions, 2023

Omdia released its 2023 Omdia Universe: Risk-Based Vulnerability Management Solutions report, and we’re excited to say that Cisco Vulnerability Management (formerly Kenna.VM) is recognized as a Leader! Risk-based Vulnerability Management (RBVM) builds upon the legacy vulnerability management market with stronger vulnerability prioritization and response. RBVM tackles the problem of determining which vulnerabilities pose a real risk in your environment and need to be patched versus which vulnerabilities you can safely de-prioritize. Improving the efficiency and…

Read More

Vulnerabilities on external attack surfaces live far too long

Posted on by Admin
Vulnerabilities on external attack surfaces live far too long

Vulnerabilities on external attack surfaces live far too long | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more. This…

Read More

VERT Threat Alert: August 2023 Patch Tuesday Analysis

Posted on by Admin
VERT Threat Alert: August 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s August 2023 Security Updates, which includes a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1068 on Wednesday, August 9th. In-The-Wild & Disclosed CVEs CVE-2023-38180 A vulnerability in Kestrel could allow for a denial of service. Kestrel is the cross-platform web server that is included with (and enabled by default in) ASP.NET Core. When detecting a potentially malicious client, Kestrel…

Read More

VERT Threat Alert: July 2023 Patch Tuesday Analysis

Posted on by Admin
VERT Threat Alert: July 2023 Patch Tuesday Analysis

Tag CVE Count CVEs Windows Image Acquisition 1 CVE-2023-35342 Windows Netlogon 1 CVE-2023-21526 Microsoft Power Apps 1 CVE-2023-32052 Windows Remote Desktop 3 CVE-2023-32043, CVE-2023-35332, CVE-2023-35352 Windows Error Reporting 1 CVE-2023-36874 Windows PGM 1 CVE-2023-35297 Windows CryptoAPI 1 CVE-2023-35339 Windows Cryptographic Services 1 CVE-2023-33174 Windows Installer 2 CVE-2023-32050, CVE-2023-32053 Windows CDP User Components 1 CVE-2023-35326 Windows Transaction Manager 1 CVE-2023-35328 Windows Admin Center 1 CVE-2023-29347 Windows Authentication Methods 1 CVE-2023-35329 Windows Server Update Service 2 CVE-2023-35317,…

Read More
1 2 3 4 5