ChatGPT for cyber risk management: an opportunity, or a threat? | Read here >>

CVE-2022-3656 in Google Chrome: How to fix the new “SymStealer” vulnerability | Read here >>

New report: Get a 360° view of the cyber risk landscape in 2022 and recommendations for 2023 | See the full report >> 

ChatGPT for cyber risk management: an opportunity, or a threat? | Read here >>

CVE-2022-3656 in Google Chrome: How to fix the new “SymStealer” vulnerability | Read here >>

New report: Get a 360° view of the cyber risk landscape in 2022 and recommendations for 2023 | See the full report >> 

How to properly tackle zero-day threats

Despite modern, cutting-edge security technologies, cyber crime is still rampant, as attackers continue to find ways to gain unauthorized access to systems. Though the majority of software products today are built with security by design, system complexities and integrations with multiple products can introduce new verticals to the threat landscape. Zero-days—new, unknown threats—add yet another… Continue reading How to properly tackle zero-day threats

Memory-safe languages and more: first officer’s blog – week 26

First Officer’s log, Terrestrial date, 20221121. Officer of the Deck reporting.   Our work at Frontier Station [REDACTED] has been proceeding as expected. While the station used a range of tools across their departments, some standard, some decidedly not, and some built on the fly by the local engineering team to meet specific needs, we are… Continue reading Memory-safe languages and more: first officer’s blog – week 26

First officer’s log – week 1

First Officer’s log, Terrestrial date, 05232022.  Officer of the Deck reporting.  We’ve had another active week, with several stories getting our attention and the following are four of the most interesting.  CISA’s CVE backtrack  What happened  CISA has temporarily removed CVE-2022-26925 from the Known Exploited Vulnerability Catalog due to some unforeseen issues when it’s deployed… Continue reading First officer’s log – week 1

DevSecOps best practices for vulnerability management in the cloud

With DevSecOps best practices, teams can remain on top of their security controls while taking full advantage of everything the cloud has to offer. A growing trend in the cloud ecosystem, DevSecOps brings the security mindset to modern cloud-native applications. While it may sound simple, securing a cloud environment with distributed applications is not so… Continue reading DevSecOps best practices for vulnerability management in the cloud

Operational challenges in mitigating log4j

2021 left a final, chaotic surprise for the cyber security community with the unprecedented critical zero day log4j vulnerabilities. The remediation scramble in the immediate aftermath brought significant operational challenges. Teams worldwide were suddenly caught off-guard, working around the clock to fix a vulnerability nobody saw coming. Here are some of the key logistical and… Continue reading Operational challenges in mitigating log4j

Security deserves more: a cyber risk message for 2022

2021 saw a record number of reported vulnerabilities and mounting security debt. We’ve migrated to the cloud, implemented new technologies, and are working more remotely than ever. Not to mention the year’s vicious parting gift – the critical zero day log4j vulnerabilities.  The pace and scale of the tech we adopt mean that attack surfaces… Continue reading Security deserves more: a cyber risk message for 2022

Log4shell Mitigation Actions | How to fix CVE-2021-44228 in Production Environments

Note on CVE-2021-44228 and CVE-2021-45046: On December 14, 2021, Apache foundation released a new advisory for patching new CVE-2021-45046. This new security advisory instructs Log4j users to update their libraries’ versions to either 2.16.0 or 2.12.2 (depends on the Java version). Fortunately, the solutions described below address both CVE-2021-44228 and CVE-2021-45046, without the need to… Continue reading Log4shell Mitigation Actions | How to fix CVE-2021-44228 in Production Environments

CVE-2021-44228: How to fix the critical zero day Log4shell vulnerability

Note on Log4shell: On December 14, 2021 Apache foundation released a new advisory for patching new CVE-2021-45046. This new security advisory instructs Log4j users to update their libraries’ versions to either 2.16.0 or 2.12.2 (depends on the Java version). If you are about to follow the vendors’ advisories and update your product – great –… Continue reading CVE-2021-44228: How to fix the critical zero day Log4shell vulnerability