Check Point, Cisco Boost AI Investments with Latest Deals

August 30, 2024 at 07:39AM Cybersecurity giants Check Point Software and Cisco are continuing their investments in AI, with recent acquisitions of startups Cyberint and Robust Intelligence. Both companies aim to strengthen their AI capabilities for threat detection and risk management. Check Point seeks to expand its security operations center with Cyberint’s expertise, while Cisco … Read more

Focus on What Matters Most: Exposure Management and Your Attack Surface

August 23, 2024 at 07:30AM Exposure management goes beyond attack surface management by including data assets, user identities, and cloud account configurations. It ensures continuous evaluation of digital assets’ visibility, accessibility, and vulnerability. Unlike traditional vulnerability management, exposure management considers all threat vectors, including misconfigurations and unpatched vulnerabilities, allowing prioritization and strategic focus on critical … Read more

UK plans to revamp national cyber defense tools are already in motion

August 2, 2024 at 06:43AM The UK’s NCSC plans to launch ACD 2.0, a refreshed suite of cyber defense services. Specific details are yet to be revealed, but key principles include providing unique capabilities and transferring services to other government or industry partners within three years. The NCSC seeks input from various sectors for future … Read more

NetSPI Acquires Hubble, Adds CAASM to Complement its IEASM

June 13, 2024 at 05:25PM NetSPI acquires Hubble, a Northern Virginia-based cyber asset attack surface management solution. The integration will empower security teams with complete visibility of their attack surfaces and asset management. NetSPI CEO, Aaron Shilts, highlights the importance of the acquisition on the company’s journey towards proactive security. Founder Tom Parker will join … Read more

Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

May 6, 2024 at 10:54AM A critical unpatched security flaw in the Tinyproxy service impacts more than half of the 90,310 exposed hosts, making them vulnerable to remote code execution. The vulnerability, with a CVSS score of 9.8, affects versions 1.10.0 and 1.11.1 and is being actively exploited. Users are urged to update to the … Read more

When is One Vulnerability Scanner Not Enough?

May 2, 2024 at 06:27AM Vulnerability scans, akin to antivirus software, rely on a database of known weaknesses. With a rapidly increasing number of vulnerabilities, a single scanning engine struggles to keep up. Incorporating multiple scanning engines, like Nuclei from Intruder, enhances coverage, revealing a broader view of the attack surface and minimizing exposure. This … Read more

Attack Surface Management vs. Vulnerability Management

April 3, 2024 at 07:51AM Attack surface management (ASM) and vulnerability management (VM) are often confused but differ in scope. VM uses automated tools to identify and prioritize security issues on known assets, while ASM focuses on detecting all digital assets and minimizing exposure to prevent exploitation. Used together, they create a more comprehensive cybersecurity … Read more

Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory

March 8, 2024 at 11:56AM New proof-of-concept exploits are targeting the Atlassian Confluence Data Center and Confluence Server flaw, allowing attackers to execute code within Confluence’s memory without leaving a trace on the file system. Vulnerability CVE-2023-22527 has become a hub of malicious activity, with 30 unique in-the-wild exploits, including the use of the “infamous” … Read more

How to Prioritize Cybersecurity Spending: A Risk-Based Strategy for the Highest ROI

February 29, 2024 at 07:09AM Staying ahead in cybersecurity is crucial for IT leaders in protecting organizations. The text discusses the impact of data breaches, increasing cybersecurity spending, and maximizing cybersecurity resources. It highlights the importance of a risk-based approach, focusing on external attack surfaces, end user credentials, vulnerability remediation, and threat intelligence to optimize … Read more

Criminal IP ASM: A new cybersecurity listing on Microsoft Azure

February 6, 2024 at 10:11AM AI SPERA, a Microsoft ISV partner, announced the availability of Criminal IP ASM on the Microsoft Azure Marketplace. Criminal IP ASM is an Automated Attack Surface Management SaaS solution that utilizes IP-based security monitoring technology to quickly identify vulnerabilities and manage assets. It is ideal for companies requiring continuous threat … Read more