Entries by Joseph Lee

Understanding CSAF 2.0 Stakeholders and Roles

The Common Security Advisory Framework (CSAF) is a framework for providing machine-readable security advisories following a standardized process to enable automated cybersecurity information sharing. Greenbone is continously working on the integration of technologies that leverage the CSAF 2.0 standard for automated cybersecurity advisories. For an introduction to CSAF 2.0 and how it supports next-generation vulnerability […]

October 2024 Threat Report: Ransomware Rising Defenders Must Respond

October was European Cyber Security Month (ECSM) and International Cybersecurity Awareness month with the latter’s theme being “Secure Our World”. It’s safe to say that instilling best practices for online safety to individuals, businesses and critical infrastructure is mission critical in 2024. At Greenbone, in addition to our Enterprise vulnerability management products, we are happy […]

September 2024 Threat Tracking: Speed Before Safety?

A 2023 World Economic Forum report surveyed 151 global organizational leaders and found that 93% of cyber leaders and 86% business leaders believe a catastrophic cyber event is likely within the next two years. Still, many software vendors prioritize rapid development and product innovation above security. This month, CISA’s Director Jen Easterly stated software vendors […]

August 2024 Threat Tracking: Threats on the Rise

The cybersecurity risk environment has been red hot through the first half of 2024. Critical vulnerabilities in even the most critical technologies are perpetually open to cyber attacks, and defenders face the continuous struggle to identify and remediate these relentlessly emerging security gaps. Large organizations are being targeted by sophisticated “big game hunting” campaigns by […]

KPI for Measuring Vulnerability Management Performance

Every business has mission critical activities. Security controls are meant to protect those critical activities to ensure business operations and strategic goals can be sustained indefinitely. Using an “Install and forget”-approach to security provides few assurances for achieving these objectives. An ever-changing digital landscape means a security gap could lead to a high stakes data […]

July 2024 Threat Tracking: Summer Break for Vulnerabilities?

Vulnerability disclosures took a summer vacation in July; only 3,135 new CVES were published, down almost 40% from May 2024’s record setting month. Last month we talked about cybersecurity on the edge, referring to the increasing number of attacks against perimeter network devices. That post’s title also hinted that globally, IT may be skirting catastrophic […]

Helsinki Education System Breached via Unpatched Vulnerability

The cybersecurity threat environment has never been hotter or the stakes higher, and the cybersecurity community forecasts more of the same.  But, while there are more vulnerabilities for attackers to exploit, analysts also report that perpetrators are exploiting vulnerabilities faster, weaponizing new security advisories in a matter of days, maybe even hours after their publication.  […]

How CSAF 2.0 Advances Automated Vulnerability Management

IT security teams don’t necessarily need to know what CSAF is, but on the other hand, familiarity with what’s happening “under the hood” of a vulnerability management platform can give context to how next-gen vulnerability management is evolving, and the advantages of automated vulnerability management. In this article, we take an introductory journey through CSAF 2.0, […]

CVE-2024-31497: PuTTY Forfeits Client ECDSA Private Keys

Public-key cryptography underpins enterprise network security and thus, securing the confidentiality of private keys is one of the most critical IT security challenges for preventing unauthorized access and maintaining the confidentiality of data. While Quantum Safe Cryptography (QSC) has emerged as a top concern for the future, recent critical vulnerabilities like CVE-2024-3094 (CVSS 10) in […]