Vulcan Cyber named a Leader in The Forrester Wave™ for Vulnerability Risk Management >>

GET A DEMO

Vulcan Cyber named a Leader in The Forrester Wave™ for Vulnerability Risk Management >>

GET A DEMO

Author: Derek Hays

CTX package vulnerability – what you need to know

Yesterday, serious issues were found with an independently produced update to the CTX package in Python, potentially affecting millions of users who unknowingly installed it.  The original update and subsequent fallout unfolded over the course of a few days and were documented in multiple Reddit threads. Here’s everything you need to know.  What is the… Continue reading CTX package vulnerability – what you need to know

Known vulnerabilities – threat actors’ best friends

Delve into the minds of threat actors by joining us on Thursday, January 13, to watch a session from The Remediation Summit by Yossi Glazer, Vulcan Cyber principal product manager, titled, “A Threat Actor’s Perspective on Risk.”  It’s no surprise that threat actors look to take advantage of exposed public-facing assets, often exploiting known vulnerabilities.… Continue reading Known vulnerabilities – threat actors’ best friends

Operational challenges in mitigating log4j

2021 left a final, chaotic surprise for the cyber security community with the unprecedented critical zero day log4j vulnerabilities. The remediation scramble in the immediate aftermath brought significant operational challenges. Teams worldwide were suddenly caught off-guard, working around the clock to fix a vulnerability nobody saw coming. Here are some of the key logistical and… Continue reading Operational challenges in mitigating log4j

CVE-2021-44228: How to fix the critical zero day Log4shell vulnerability

Note on Log4shell: On December 14, 2021 Apache foundation released a new advisory for patching new CVE-2021-45046. This new security advisory instructs Log4j users to update their libraries’ versions to either 2.16.0 or 2.12.2 (depends on the Java version). If you are about to follow the vendors’ advisories and update your product – great –… Continue reading CVE-2021-44228: How to fix the critical zero day Log4shell vulnerability

What is the SIGRed Vulnerability (CVE-2020-1350)?

What is the SIGRed Vulnerability (CVE-2020-1350)? SIGRed (CVE-2020-1350) is a critical, wormable RCE (remote code execution) vulnerability in the Windows DNS Server, that can be triggered by an attacker with malicious DNS response. It received a CVSS base score of 10, and according to the Check Point researchers who found this 17-year-old flaw, the likelihood of exploitation is high. 

CVE-2021-41773: What it is and how to fix it

The Apache HTTP server is one of the most common HTTP server frameworks on the internet. Yesterday (October 5th 2021), Apache released a security patch that fixes a critical vulnerability in their project – CVE-2021-41773. This vulnerability was disclosed by Ash Daulton and the CPanel security team on September 29 – not long after Apache… Continue reading CVE-2021-41773: What it is and how to fix it

Remote Work and its Impact on Information Security Risk Management

COVID-19’s widespread impacts were felt not only in everyday life but also at the workplace. The pandemic caused a total shift to remote work almost instantaneously, giving businesses little time to adapt their security plans as they moved to adopt cloud-based technologies and collaboration sites. It’s no surprise that a remote work environment results in… Continue reading Remote Work and its Impact on Information Security Risk Management

The Risk Threat Vulnerability Equation

Risk = Threat + Vulnerability The Risk Threat Vulnerability Equation is a commonly used formula in cyber risk management to identify and prioritize the risks organizations face. This model illustrates that if one aspect of risk, such as threat or vulnerability, can be brought down to a manageable level, the value of risk as a… Continue reading The Risk Threat Vulnerability Equation

Our Favorite Free Open Source Threat Intelligence Feeds

Threat intelligence feeds record and track IP addresses and URLs associated with phishing scams, malware, bots, trojans, adware, spyware, ransomware, and more. While there are plenty available online, we thought we would share our favorites. Proofpoint’s Emerging Threats Proofpoint’s Emerging Threats Intelligence Feed (ET) is one of the highest-rated threat intelligence feeds. ET categorizes and… Continue reading Our Favorite Free Open Source Threat Intelligence Feeds

How Can a Network Vulnerability Scanner Benefit You?

Network vulnerability scanning is the process of providing businesses with an in-depth review by identifying security holes within an organization’s network, information systems, and hardware. Vulnerability scanning is then followed by employing strategies to remediate these gaps.  Network vulnerability scanners are crucial in allowing businesses to determine which security measures to implement. If performed regularly… Continue reading How Can a Network Vulnerability Scanner Benefit You?

PLATFORM

Platform overview

Connectors

Vulcan Free

Pricing

Compare

Vulnerability Aggregation

Vulnerability Correlation

Vulnerability Intelligence

Vulnerability Prioritization

Management Orchestration

Collaborative Security

Risk Reporting

SOLUTIONS

Risk-Based Vulnerability Management

Application Vulnerability Management

Cloud Vulnerability Management

Financial Services

Federal Organizations

MSSPs

CYBER RISK HUB

Blog

Resources

Vulnerability management basics

Voyager18 research

VulnRX

MITRE Mapper

Cyber Risk Summit

COMPANY

About

Careers

Become a partner

Deal Registration

Awards and recognition

Contact us

REQUEST A DEMO

Copyright © 2023 Vulcan Cyber. All rights reserved. Privacy Policy | Terms of Use