On October 16, Cisco’s Talos group highlighted an active threat campaign exploiting a zero-day vulnerability, CVE-2023-20198, in the web UI component of Cisco IOS XE software. This software operates on a broad spectrum of Cisco networking devices. The exploitation of this vulnerability can lead to a total system takeover by an attacker. What is CVE-2023-20198?… Continue reading How to fix zero-day CVE-2023-20198 in Cisco IOS XE software
Multiple Critical vulnerabilities in Exim, including a zero-day dubbed CVE-2023-42115, allow unauthenticated attackers to run code on affected systems, with millions of Exim mail servers exposed to the attack. Here’s what you need to know. What is CVE-2023-42115? Discovered by an unidentified security researcher and disclosed through Trend Micro’s Zero Day Initiative (ZDI), CVE-2023-42115… Continue reading How to fix CVE-2023-42115 in Exim
Despite modern, cutting-edge security technologies, cyber crime is still rampant, as attackers continue to find ways to gain unauthorized access to systems. Though the majority of software products today are built with security by design, system complexities and integrations with multiple products can introduce new verticals to the threat landscape. Zero-days—new, unknown threats—add yet another… Continue reading How to properly tackle zero-day threats
A key part of any risk assessment framework, vulnerability intelligence enables organizations to consider the broader picture when assessing a given vulnerability or set of vulnerabilities. Vulnerability intelligence providers consolidate data from multiple sources – both external and internal – and then offer a contextualized assessment of organizational risk. This can drastically tip the scales… Continue reading Cyber Threat Intelligence – Answer to the Biggest Questions
The question of remediating every single vulnerability is moot. Given the massive amounts of vulnerabilities being disclosed every month, it’s logistically and organizationally unfeasible. At the enterprise level, even the largest IT team simply can’t handle all the vulnerabilities out there – nor, in truth do they need to.