Every business has mission critical activities. Security controls are meant to protect those critical activities to ensure business operations and strategic goals can be sustained indefinitely. Using an “Install and forget”-approach to security provides few assurances for achieving these objectives. An ever-changing digital landscape means a security gap could lead to a high stakes data […]
Vulnerability disclosures took a summer vacation in July; only 3,135 new CVES were published, down almost 40% from May 2024’s record setting month. Last month we talked about cybersecurity on the edge, referring to the increasing number of attacks against perimeter network devices. That post’s title also hinted that globally, IT may be skirting catastrophic […]
The cybersecurity threat environment has never been hotter or the stakes higher, and the cybersecurity community forecasts more of the same. But, while there are more vulnerabilities for attackers to exploit, analysts also report that perpetrators are exploiting vulnerabilities faster, weaponizing new security advisories in a matter of days, maybe even hours after their publication. […]
IT security teams don’t necessarily need to know what CSAF is, but on the other hand, familiarity with what’s happening “under the hood” of a vulnerability management platform can give context to how next-gen vulnerability management is evolving, and the advantages of automated vulnerability management. In this article, we take an introductory journey through CSAF 2.0, […]
Before this year, 3,000 CVEs (Common Vulnerabilities and Exposures) had never been published in a single month. 2024 has been a string of record breaking months for vulnerability disclosure; over 5,000 CVEs were published in May 2024. While June offered a lapse from the storm, some may be questioning whether delivering a secure software product […]
Public-key cryptography underpins enterprise network security and thus, securing the confidentiality of private keys is one of the most critical IT security challenges for preventing unauthorized access and maintaining the confidentiality of data. While Quantum Safe Cryptography (QSC) has emerged as a top concern for the future, recent critical vulnerabilities like CVE-2024-3094 (CVSS 10) in […]
May 2024 made April’s record breaking CVE mountain into a mole-hill. The previous record for most CVEs published in a month grew by 36.9%. In total, a staggering 5061 vulnerabilities were added in May 2024. Considering the potentially high cost of a data breach, security teams need to stay in the loop with current cybersecurity […]
From a bird’s eye view, the cumulative cost of cyber-crime is estimated to reach 9.2 Trillion USD globally in 2024. According to the 2023 IBM X-Force Cost of a Data Breach Report, a single breach imposes an average of 4.45M USD of financial damage on a victim and while US firms incur more than double […]
April 2024 has compounded another record breaking month for CVE disclosure on top of the last. In this month’s threat tracking report we will investigate several new actively exploited vulnerabilities and quickly review the cyber breach of US R&D giant MITRE. The report will also uncover how end-of-life (EOL) products can have a detrimental impact […]
March 2024 was another eventful month for vulnerabilities and cybersecurity in general. It was the second consecutive month of lapsed Common Vulnerability Exposure (CVE) enrichment putting defenders in a precarious position with reduced risk visibility. The Linux kernel continued its elevated pace of vulnerability disclosures and was commissioned as a new CVE Numbering Authority (CNA). […]
