First Officer’s log, Terrestrial date, 20220727. Officer of the Deck reporting. Now recovered from the dreaded Covid, it is time to fully return to duty and continue the mission. While the last week was comparatively quiet, there were still several significant reports. It also seems likely that some recent discoveries will warrant more attention as… Continue reading OT security flaws, Microsoft adds a patch, and more: first officer’s log – week 6
First Officer’s log, Terrestrial date, 20220720. Officer of the Deck reporting. One of the challenges of any major planetside expedition, as we were engaged in, is the potential exposure of crew members to local contagions. In this case, the near-endemic Coronavirus, that has been an issue for some time now. Fortunately, only one of our… Continue reading Citrix ADM, Sharepoint, Pegasus: first officer’s log – week 5
First Officer’s log, Terrestrial date, 202200706. Officer of the Deck reporting. The pace of recent activity has diminished very slightly, but we expect that it is just part of the natural ebb and flow of hostile activity in our sector. In spite of the brief lull, the crew remains vigilant. Our next log entry may… Continue reading Microsoft zero day, More Musk drama, and more: first officer’s log – week 3
As the world’s largest software vendor, it probably stands to reason that critical Windows vulnerabilities appear more often than others. Even though Microsoft is typically very fast to release patches—either on Patch Tuesday, the second Tuesday of every month, or as an out-of-band release in an emergency—getting those patches implemented across your entire organization isn’t… Continue reading The top Windows vulnerabilities in June 2022 (Printnightmare and more)
Customers can leverage integrated solutions to reduce cyber risk through more-effective endpoint security TEL AVIV, Israel, March 29, 2022 — Vulcan Cyber®, developers of the cyber risk management platform for infrastructure, application, and cloud security, today announced the company has joined the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors and managed… Continue reading Vulcan Cyber Joins Microsoft Intelligent Security Association, Integrates Microsoft Defender for Endpoint Threat and Vulnerability Management into Cyber Risk Management Platform
Microsoft recently slashed payments through its bug bounty programs — and some of the ethical hackers they’ve been paying to find vulnerabilities might not be so ethical after all. Bug bounties give researchers an incentive to report vulnerabilities directly to software vendors. That way, vendors can release patches and ensure that customer data is secure.… Continue reading What happens when bug bounties don’t work?
For most organizations, vulnerability and cyber risk management are ineffective programs. Information overload, operating siloes with limited communication collaboration, slow and manual processes, and a lack of visibility into what is or isn’t working, all combine to hold back necessary mitigation of cyber risk. That’s why we are excited to announce a new integration between… Continue reading Vulcan Cyber integrates with Microsoft’s threat & vulnerability management
At Vulcan Cyber, we keep ourselves front and center in the conversation on security, in part through Vulcan Remedy Cloud, the world’s largest free and curated database of reliable vulnerability solutions. To keep our finger on the pulse of security, we track in-demand and trending vulnerabilities. In July, CVE-2021-34527, the Windows Print Spooler Remote Code… Continue reading Fixing CVE-2021-34527, the Windows Print Spooler RCE Vulnerability
TL;DR The BootHole vulnerability is not critical (yet), but it could potentially effect billions of devices worldwide. Exploiting it requires high privileges or physical access. Now while there are no full patches available at this time, we’ve written this blog, and published this episode of The Vulnerability Report, to help you detect vulnerable devices, mitigate the… Continue reading What is the BootHole Vulnerability (CVE-2020-10713)?
Alert: There’s a new zero-day RCE on Windows Internet Explorer, CVE-2020-0674, with no available patches out there yet. Not only that, as of now (1/20/20) this vulnerability cannot be scanned by VA tools. This vulnerability is highly dangerous and is reported to have been exploited in the wild. Therefore, security teams must act fast.