A quarter full of risk – get to know the notable vulnerabilities of Q3 2024 >>

Go beyond vulnerability scanning with the Vulcan Cyber ExposureOS >>

Exposure management analytics and KPIs you need to know about  >>

Get a demo

A quarter full of risk – get to know the notable vulnerabilities of Q3 2024 >>

Go beyond vulnerability scanning with the Vulcan Cyber ExposureOS >>

Exposure management analytics and KPIs you need to know about  >>

Get a demo
Get a demo

Author: Derek Hays

When the numbers don’t add up: the problem with CVSS scores

Common Vulnerability Scoring System (CVSS) scores are often the first ratings people see for a newly released vulnerability. It’s a good starting point. But there are often times when the CVSS score either doesn’t reflect the real risk or, more to the point, doesn’t reflect the risk to a particular organization. With that in mind,… Continue reading When the numbers don’t add up: the problem with CVSS scores

The problem with Google’s new .zip top-level domains

It would be fair to say that the modern internet exists because the Domain Name System (DNS) has made it possible for people to easily find whatever it is they may be looking for. Over the years, everyone became familiar with the most common domains: .com, .net, .org, .edu, .gov., and the various state and… Continue reading The problem with Google’s new .zip top-level domains

What the AI revolution means for cyber risk

The product is thoroughly pizzled. OpenAI’s release of ChatGPT has gotten a lot of attention lately, and we’ve written about it here at Vulcan Cyber® as well. While it’s certainly a fascinating application of their underlying GPT-3 engine, it’s unlikely to be the major security threat some have made it out to be. At least… Continue reading What the AI revolution means for cyber risk

Threat actors are hunting for good hooks. The SVB collapse is a great one. 

Silicon Valley Bank (SVB) collapsed on Marth 10th, 2023, less than two weeks before this writing. It’s the second-largest bank collapse in US history, and the worst since the financial crisis of 2007-2008. The repercussions have been felt worldwide, as SVB was widely used across the tech sector internationally. There have already been serious issues… Continue reading Threat actors are hunting for good hooks. The SVB collapse is a great one. 

CISA launches Ransomware Vulnerability Warning Pilot program (RVWP) for critical infrastructure

On March 13th, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) put out a press release on their establishing the Ransomware Vulnerability Warning Pilot program (RVWP) which was authorized by the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022. The aim of this pilot program is to proactively inform participating organizations that CISA… Continue reading CISA launches Ransomware Vulnerability Warning Pilot program (RVWP) for critical infrastructure

The Biden Administration National Cybersecurity Strategy – A practitioner’s take

This blog post is a practitioner’s take (my take) on the Biden administration National Cybersecurity Strategy, which is a solid effort to codify go-forward cybersecurity strategy, while at times lacking in a realistic path to execute on certain objectives. Focusing on five main pillars, it lays out a strategy to help establish incentives and responsibility… Continue reading The Biden Administration National Cybersecurity Strategy – A practitioner’s take

ChatGPT: An opportunity, or a threat? Part 1

Our new AI overlords?  If you ask ChatGPT, the new AI chat, to give you an example of code that will, say, “find <this> kind of file on a system, send those files to a remote system, then encrypt the files” it will deliver. If you ask it to obfuscate that code and give it… Continue reading ChatGPT: An opportunity, or a threat? Part 1

Vulnerability Clusters with Vulcan Cyber

As everyone in cybersecurity knows, one of the biggest obstacles to identifying and remediating threats quickly is the sheer volume of data to sift through. Duplicate data is a common cause of wasted effort and, particularly in larger environments, this can cause significant time delays and critical setbacks to mitigation. Vulnerability and risk management data… Continue reading Vulnerability Clusters with Vulcan Cyber

Cyber risk – enter the stage manager

Cyber security can be a complex beast. There are dozens of moving parts, competing interests, short timelines, potentially high stakes, personalities in play, and a host of other players, all trying to please a demanding and sometimes fickle audience. What’s worse, people in cybersecurity have to do all this under the constant external pressure of… Continue reading Cyber risk – enter the stage manager

What is cyber risk? Essential terminology

Few companies today can get by without an online presence. And just as you wouldn’t leave a physical storefront or office unlocked, businesses also need to ensure that their online services are secure from intruders. But if you’re not an expert yourself, but involved in any part of the cybersecurity lifecycle, you’re likely finding yourself… Continue reading What is cyber risk? Essential terminology