The CyberRisk Summit is back: Join us on Dec 6. as we recap the cyber risk landscape in 2022 | Get free ticket >> 

Live webinar, Oct 13: Attend to learn how you can deduplicate vulnerability and deliver a smarter approach to cyber risk management  | Register  >>

New report: Mapping MITRE ATT&CK framework to CVEs |  Read more  >>

CTX package vulnerability – what you need to know

Yesterday, serious issues were found with an independently produced update to the CTX package in Python, potentially affecting millions of users who unknowingly installed it.  The original update and subsequent fallout unfolded over the course of a few days and were documented in multiple Reddit threads. Here’s everything you need to know.  What is the… Continue reading CTX package vulnerability – what you need to know

CVE-2021-44228: How to fix the critical zero day Log4shell vulnerability

Note on Log4shell: On December 14, 2021 Apache foundation released a new advisory for patching new CVE-2021-45046. This new security advisory instructs Log4j users to update their libraries’ versions to either 2.16.0 or 2.12.2 (depends on the Java version). If you are about to follow the vendors’ advisories and update your product – great –… Continue reading CVE-2021-44228: How to fix the critical zero day Log4shell vulnerability

CVE-2021-41773: What it is and how to fix it

The Apache HTTP server is one of the most common HTTP server frameworks on the internet. Yesterday (October 5th 2021), Apache released a security patch that fixes a critical vulnerability in their project – CVE-2021-41773. This vulnerability was disclosed by Ash Daulton and the CPanel security team on September 29 – not long after Apache… Continue reading CVE-2021-41773: What it is and how to fix it

Why we’re still seeing unpatched software

Despite industry awareness that 60% of data breaches stem from unpatched software, “fix” still doesn’t get done. And how about these statistics from the 2020 Veracode software security report? Do they match your organization’s patch rates? 70% of bugs remain unpatched after 4 weeks. 55% of bugs remain unpatched three months later. 25% of high-vulnerability… Continue reading Why we’re still seeing unpatched software