
Cisco End-of-Life threat and more: first officer’s log – week 17

First Officer’s log, Terrestrial date, 20220919. Officer of the Deck reporting.   Ongoing communications from the mission team on [REDACTED] have shown steady progress, but the project has been running into more and more unexpected complexity. Though, in hindsight, we should have expected at least this much of a challenge.  The people of [REDACTED] are technically…

First officer’s log – week 1

First Officer’s log, Terrestrial date, 05232022.  Officer of the Deck reporting.  We’ve had another active week, with several stories getting our attention and the following are four of the most interesting.  CISA’s CVE backtrack  What happened  CISA has temporarily removed CVE-2022-26925 from the Known Exploited Vulnerability Catalog due to some unforeseen issues when it’s deployed…

CISA known exploited vulnerabilities – what do they mean for your organization?

Recently, CISA added 95 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The catalog is a living list of known CVEs that represent significant risk to federal enterprises, and is regularly updated.  But while new vulnerabilities are added constantly, it’s unusual for CISA to add more than a handful to their catalog at a time,…

CISA and NIST compile ominous vulnerability reports

Last month, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a new directive requiring federal agencies to patch known exploited vulnerabilities within specific timeframes. With this directive, CISA also published the Known Exploited Vulnerabilities Catalog. While a welcome move, these vulnerability reports are not enough on their own to change the cyber risk status…

Best Vulnerability Remediation Resources

Did you know that Black Hat 2020 is happening this week? All things considered, it might have just gone under your radar. And with every event either being canceled altogether or making the necessary adjustments to go virtual, from your local meetups to the biggest conventions, managing to find truly valuable resources at this time…

CISA’s New Guidelines for the Information Systems Auditor

The Cybersecurity and Infrastructure Security Agency (CISA) is responsible for building America’s “national capacity to defend against cyber-attacks and … to safeguard the ‘.gov’ networks.” Its mandate includes securing all publicly accessible Federal websites by scanning them for vulnerabilities that need to be remediated. On April 29, 2019, CISA issued Binding Operational Directive (BOD) 19-02,…