On the Microsoft Teams desktop app? Watch your credentials and tokens!

Last month, it was discovered that Microsoft Teams users could be leaving the doors open for malicious entities on their computers to access their credentials. Here’s everything you need to know about the vulnerability, first discovered by the Vectra Protect team: What is the vulnerability in the Microsoft Teams desktop app? The team recently uncovered…

How to fix CVE-2022-26138 in Atlassian

Atlassian is urging users to take action on a critical vulnerability found in its Questions for Confluence app – one of three major bugs announced last week. With Confluence in use across millions of systems for project management and collaboration needs, a critical vulnerability in the product has the potential to cause huge damage if…

The top Windows vulnerabilities in June 2022 (PrintNightmare and more)

Because Microsoft is the world’s largest software vendor, it probably stands to reason that critical Windows vulnerabilities appear more often than others. Even though Microsoft is typically very fast to release patches—either on Patch Tuesday, the second Tuesday of every month, or as an out-of-band release in an emergency—getting those patches implemented across your entire organization isn’t…

Is the new zero-day vulnerability “Spring4Shell” the next Log4Shell? Learn how to mitigate

On March 30, 2022, a Chinese researcher published a GitHub commit that contained exploit code for a zero-day unauthenticated remote code execution vulnerability in the Spring Framework. The new RCE vulnerability, CVE-2022-22965, is also being nicknamed Spring4Shell. Here’s everything you need to know: What is the Spring4Shell vulnerability? At this time, in order…

How to fix the zero-day CVE-2022-22620 vulnerability

On February 10, Apple released an urgent update for iOS, iPadOS and macOS to fix the dangerous zero-day CVE-2022-22620 vulnerability. While Apple does not disclose vulnerabilities until after they have completed their research and most users have patches in place, they recommend updating devices as soon as possible. Meanwhile, CISA has ordered federal agencies to…