The zero-day Follina MSDT vulnerability – how to fix CVE-2022-30190

“My Microsoft Word got hacked” might have been a good way to get out of doing homework growing up, but Follina – the new zero-day MSDT vulnerability affecting the word processor – is no laughing matter. Here’s everything you need to know about CVE-2022-30190. What is the Follina MSDT vulnerability? Follina uses the Word remote…

The top Windows vulnerabilities in June 2022 (Printnightmare and more)

As the world’s largest software vendor, it probably stands to reason that critical Windows vulnerabilities appear more often than others. Even though Microsoft is typically very fast to release patches—either on Patch Tuesday, the second Tuesday of every month, or as an out-of-band release in an emergency—getting those patches implemented across your entire organization isn’t…

CVE-2022-21907 – what you need to know

We’re just a few weeks into 2022, and we already have a new critical vulnerability to face. On the first Patch Tuesday of the year, Microsoft released the CVE-2022-21907 security update. Without much explanation from the vendor (“HTTP Protocol Stack Remote Code Execution Vulnerability”), the vulnerability was scored with a 9.8 critical CVSS score and…

7 lessons learned about cyber risk from the Remediation Summit 2021

Last week we hosted the third, semi-annual Remediation Summit by Vulcan Cyber. Firstly, we’d like to thank more than 200 attendees who participated in the virtual event and our keynote speakers, who talked all things cyber risk: Matthew Hurewitz, Associate Director, Application Security & Security Architecture, Best Buy, Ryan Gurney – YL Ventures CISO-in-Residence, YL…

CVE-2017-14491 and CVE-2019-0708: a blast from the past

Vulcan Cyber is on a mission to help businesses own and mitigate risk. That’s why we do our own research on the most searched CVEs to make sure our community is up to date with the industry’s latest concerns. SEO tool Ahrefs has shown us that in the last few weeks, CVE-2017-14491 and CVE-2019-0708, two…

Fixing CVE-2021-34527, the Windows Print Spooler RCE Vulnerability

At Vulcan Cyber, we keep ourselves front and center in the conversation on security, in part through Vulcan Remedy Cloud, the world’s largest free and curated database of reliable vulnerability solutions. To keep our finger on the pulse of security, we track in-demand and trending vulnerabilities. In July, CVE-2021-34527, the Windows Print Spooler Remote Code…

Remediating the MITRE framework and att&ck with VM

Update June 2022: The Vulcan Cyber research team, aka “Voyager18” has worked on mapping CVEs to relevant tactics and techniques from the MITRE ATT&CK matrix. Visit the dedicated site here. While vulnerability management isn’t natively mapped to the MITRE ATT&CK framework by default, using cyber knowledge, data science, machine learning and artificial intelligence, CVEs can be efficiently integrated with ATT&CK in a way that delivers distinct advantages…

The Vulcan Vulnerability Digest – Network Security Threats

Over the past couple of weeks, we’ve seen some high-profile security threats that require your immediate attention. In this digest we’ve rounded them all up. Now in order to help you address these threats, I’ve added actionable steps for you to follow in order to mitigate these risks.

Vulcan Vulnerability Digest – Different Types of Cyber Attacks

With all the buzz around the latest campaigns and exploits, it might seem hard to know what really demands your attention. That’s why we’ve decided to round up the top security threats from the past couple of weeks that really require your attention. 

The Vulcan Vulnerability Digest – Top Cybersecurity Threats

The past couple of weeks have presented many challenges from a security standpoint. There’s a lot of noise around threat actors, phishing campaigns etc., and it might seem hard to differentiate between what actually requires attention and what doesn’t.