CVE-2021-35394 Realtek SDK : How to fix the exploited vulnerability | Read here >>

ChatGPT for cyber risk management: an opportunity, or a threat? | Read here >>

New in financial services: How to address security gaps with risk-based vulnerability management | Download here >> 

CVE-2021-35394 Realtek SDK : How to fix the exploited vulnerability | Read here >>

ChatGPT for cyber risk management: an opportunity, or a threat? | Read here >>

New in financial services: How to address security gaps with risk-based vulnerability management | Download here >> 

How to mitigate the OpenSSL3 vulnerability [CVE-2022-3786 and CVE-2022-3602 are out]

Late last week we called attention to the fact that OpenSSL had identified (without any specific details) a critical OpenSSL3 vulnerability and was going to release an update to address it today. As of this morning, OpenSSL released the source code for version 3.0.7 which is designed to mitigate CVE-2022-3786 and CVE-2022-3602. Download OpenSSL 3.0.7… Continue reading How to mitigate the OpenSSL3 vulnerability [CVE-2022-3786 and CVE-2022-3602 are out]

From rumors to PoC: how to easily win CVE-2022-22954

Sequence of events  It began in March 23, when our research team first started investigating the mysterious report of an emerging remote code execution (RCE) vulnerability in a VMware product, without much initial information to go by.  This tweet left us intrigued while the report did not reveal the potential vulnerable component, but did approve… Continue reading From rumors to PoC: how to easily win CVE-2022-22954

Is the new zero-day vulnerability “Spring4Shell” the next log4shell? Learn how to mitigate

On March 30, 2022, a Chinese researcher published a GitHub commit that contained an exploit code for a zero-day vulnerability of unauthenticated remote code execution in the Spring Framework. The new RCE vulnerability CVE-2022-22965 is also being nicknamed: Spring4Shell. Here’s everything you need to know:  What is the Spring4Shell vulnerability? At this time, in order… Continue reading Is the new zero-day vulnerability “Spring4Shell” the next log4shell? Learn how to mitigate

Insight Into What a CVE Is in Cyber Security

Today’s enterprises are increasingly threatened by malicious external actors that exploit flaws in applications or systems to compromise data security. In the process of trying to find the best ways to secure your data, you’ve probably heard the term CVE and wondered what it means.  So, what is a CVE in cyber security? CVE is… Continue reading Insight Into What a CVE Is in Cyber Security