EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?

September 26, 2024 at 07:51AM
Businesses often rely on the Common Vulnerability Scoring System (CVSS) for vulnerability prioritization. However, CVSS does not factor in real-world threat data. In contrast, the Exploit Prediction Scoring System (EPSS) predicts the likelihood of a vulnerability being exploited in the next 30 days. EPSS offers a more efficient and effective …

How to manage shadow IT and reduce your attack surface

September 23, 2024 at 10:19AM
Employees increasingly turn to unauthorized IT solutions, known as “shadow IT,” to improve productivity, posing security and compliance risks. This involves using unapproved devices, software, and services. To manage these risks, strategies include identifying root causes, educating employees, establishing clear policies, and leveraging technology tools. Adopting External Attack Surface Management …

SecurityWeek to Host 2024 Attack Surface Management Summit on Wednesday

September 16, 2024 at 01:21PM
SecurityWeek will host the 2024 Attack Surface Management Summit as a fully immersive virtual event on September 18th. The summit will focus on foundational strategies for protecting corporate assets through reducing attack surface. Join leading cybersecurity experts to explore trends, challenges, and innovations in Attack Surface Management. Register for free …

Check Point, Cisco Boost AI Investments with Latest Deals

August 30, 2024 at 07:39AM
Cybersecurity giants Check Point Software and Cisco are continuing their investments in AI, with recent acquisitions of startups Cyberint and Robust Intelligence. Both companies aim to strengthen their AI capabilities for threat detection and risk management. Check Point seeks to expand its security operations center with Cyberint’s expertise, while Cisco …

Focus on What Matters Most: Exposure Management and Your Attack Surface

August 23, 2024 at 07:30AM
Exposure management goes beyond attack surface management by including data assets, user identities, and cloud account configurations. It ensures continuous evaluation of digital assets’ visibility, accessibility, and vulnerability. Unlike traditional vulnerability management, exposure management considers all threat vectors, including misconfigurations and unpatched vulnerabilities, allowing prioritization and strategic focus on critical …

UK plans to revamp national cyber defense tools are already in motion

August 2, 2024 at 06:43AM
The UK’s NCSC plans to launch ACD 2.0, a refreshed suite of cyber defense services. Specific details are yet to be revealed, but key principles include providing unique capabilities and transferring services to other government or industry partners within three years. The NCSC seeks input from various sectors for future …

NetSPI Acquires Hubble, Adds CAASM to Complement its IEASM

June 13, 2024 at 05:25PM
NetSPI acquires Hubble, a Northern Virginia-based cyber asset attack surface management solution. The integration will empower security teams with complete visibility of their attack surfaces and asset management. NetSPI CEO, Aaron Shilts, highlights the importance of the acquisition on the company’s journey towards proactive security. Founder Tom Parker will join …

Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

May 6, 2024 at 10:54AM
A critical unpatched security flaw in the Tinyproxy service impacts more than half of the 90,310 exposed hosts, making them vulnerable to remote code execution. The vulnerability, with a CVSS score of 9.8, affects versions 1.10.0 and 1.11.1 and is being actively exploited. Users are urged to update to the …

When is One Vulnerability Scanner Not Enough?

May 2, 2024 at 06:27AM
Vulnerability scans, akin to antivirus software, rely on a database of known weaknesses. With a rapidly increasing number of vulnerabilities, a single scanning engine struggles to keep up. Incorporating multiple scanning engines, like Nuclei from Intruder, enhances coverage, revealing a broader view of the attack surface and minimizing exposure. This …

Attack Surface Management vs. Vulnerability Management

April 3, 2024 at 07:51AM
Attack surface management (ASM) and vulnerability management (VM) are often confused but differ in scope. VM uses automated tools to identify and prioritize security issues on known assets, while ASM focuses on detecting all digital assets and minimizing exposure to prevent exploitation. Used together, they create a more comprehensive cybersecurity …