New Google vulnerability: Learn about zero-day CVE-2022-3075 in Chorme web browser  | Fix now >> 

The CyberRisk Summit on-demand: Watch the latest #CRS anytime, anywhere | Watch now  >>

New report: Mapping MITRE ATT&CK framework to CVEs |  Read more  >>

What is the SIGRed Vulnerability (CVE-2020-1350)?

What is the SIGRed Vulnerability (CVE-2020-1350)? SIGRed (CVE-2020-1350) is a critical, wormable RCE (remote code execution) vulnerability in the Windows DNS Server, that can be triggered by an attacker with malicious DNS response. It received a CVSS base score of 10, and according to the Check Point researchers who found this 17-year-old flaw, the likelihood of exploitation is high. 

What is the Google Chrome CVE-2020-15999 vulnerability?

As the vulnerability remediation experts we’ve made a practice of publishing remedies, fixes, and solutions for the more high-profile vulnerabilities we’ve come across over the years. This blog post will answer, “What is Google Chrome CVE-2020-15999?” but more importantly I’m excited to announce the availability of Vulcan Remedy Cloud as a free and curated database… Continue reading What is the Google Chrome CVE-2020-15999 vulnerability?

What is the BootHole Vulnerability (CVE-2020-10713)?

TL;DR The BootHole vulnerability is not critical (yet), but it could potentially effect billions of devices worldwide. Exploiting it requires high privileges or physical access. Now while there are no full patches available at this time, we’ve written this blog, and published this episode of The Vulnerability Report, to help you detect vulnerable devices, mitigate the… Continue reading What is the BootHole Vulnerability (CVE-2020-10713)?

Remediating the MITRE framework and att&ck with VM

Update June 2022: The Vulcan Cyber research team, aka “Voyager18” has worked on mapping CVEs to relevant tactics and techniques from the MITRE ATT&CK matrix. Visit the dedicated site here.    While vulnerability management isn’t natively mapped to the MITRE ATT&CK framework by default, using cyber knowledge, data science, machine learning and artificial intelligence, CVEs can be efficiently integrated with ATT&CK in a way that delivers distinct advantages… Continue reading Remediating the MITRE framework and att&ck with VM

The SMBleed Vulnerability and How to Fix It with KB4560960

SMBleed (CVE-2020-1206), its relation to SMBGhost and how to fix them The SMBleed vulnerability (CVE-2020-1206) allows an attacker to read uninitialized kernel memory. It happens in the same function as SMBGhost (CVE-2020-0796), a bug in the compression mechanism of SMBv3.1.1, as explained in a previous blog.

The Vulcan Vulnerability Digest – Network Security Threats

Over the past couple of weeks, we’ve seen some high profile security threats  that require your immediate attention. In this digest we’ve rounded them all up. Now in order to help you address these threats, I’ve added actionable steps for you to follow in order to mitigate these risks.

Vulcan Vulnerability Digest – Different Types of Cyber Attacks

With all the buzz around the latest campaigns and exploits, it might seem hard to know what really demands your attention. That’s why we’ve decided to round up the top security threats from the past couple of weeks that really require your attention. 

Improve Enterprise VPN Security – Pulse Secure VPN Download

The Coronavirus pandemic has drastically changed our reality in a blink of an eye. With WFH and social distancing becoming the new norm. While these measures are key to reducing the risk of contracting COVID-19, from a security standpoint working from home introduces other risks. 

The Vulcan Vulnerability Digest – Top Cybersecurity Threats

The past couple of weeks have presented many challenges from a security standpoint. There’s a lot of noise around threat actors, phishing campaigns etc., and it might seem hard to differentiate between what’s actually requires attention and what doesn’t.  

What is the SMBGhost Vulnerability (CVE-2020-0796)?

Microsoft have accidentally revealed information regarding a security update for a wormable vulnerability SMBGhost (CVE-2020-0796) in the Microsoft Server Message Block protocol.