First officer’s log – week 1

First Officer’s log, Terrestrial date, 05232022. Officer of the Deck reporting. We’ve had another active week, with several stories getting our attention, and the following are four of the most interesting. CISA’s CVE backtrack. What happened: CISA has temporarily removed CVE-2022-26925 from the Known Exploited Vulnerability Catalog due to some unforeseen issues when it’s deployed…

DevSecOps best practices for vulnerability management in the cloud

With DevSecOps best practices, teams can remain on top of their security controls while taking full advantage of everything the cloud has to offer. A growing trend in the cloud ecosystem, DevSecOps brings the security mindset to modern cloud-native applications. While it may sound simple, securing a cloud environment with distributed applications is not so…

Operational challenges in mitigating log4j

2021 left a final, chaotic surprise for the cyber security community with the unprecedented critical zero-day Log4j vulnerabilities. The remediation scramble in the immediate aftermath brought significant operational challenges. Teams worldwide were suddenly caught off guard, working around the clock to fix a vulnerability nobody saw coming. Here are some of the key logistical and…

Security deserves more: a cyber risk message for 2022

2021 saw a record number of reported vulnerabilities and mounting security debt. We’ve migrated to the cloud, implemented new technologies, and are working more remotely than ever. Not to mention the year’s vicious parting gift – the critical zero-day Log4j vulnerabilities. The pace and scale of the tech we adopt mean that attack surfaces…

Log4shell Mitigation Actions | How to fix CVE-2021-44228 in Production Environments

Note on CVE-2021-44228 and CVE-2021-45046: On December 14, 2021, the Apache foundation released a new advisory for patching the new CVE-2021-45046. This new security advisory instructs Log4j users to update their libraries’ versions to either 2.16.0 or 2.12.2 (depending on the Java version). Fortunately, the solutions described below address both CVE-2021-44228 and CVE-2021-45046, without the need to…

CVE-2021-44228: How to fix the critical zero day Log4shell vulnerability

Note on Log4shell: On December 14, 2021, the Apache foundation released a new advisory for patching the new CVE-2021-45046. This new security advisory instructs Log4j users to update their libraries’ versions to either 2.16.0 or 2.12.2 (depending on the Java version). If you are about to follow the vendors’ advisories and update your product – great –…