EasyEASM - Zero-dollar Attack Surface Management Tool

Zero-dollar attack surface management tool featured at Black Hat Arsenal 2023 and Recon Village @ DEF CON 2023. Description Easy EASM is just that... the easiest to set-up tool to give your organization visibility into its external facing assets. The industry is dominated by $30k vendors selling...

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches

Juniper Networks has released updates to fix a critical remote code execution RCE vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. "An out-of-bounds write vulnerability in J-Web of Juniper Networks Jun...

Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface

Digital expansion inevitably increases the external attack surface, making you susceptible to cyberthreats. Threat actors increasingly exploit the vulnerabilities stemming from software and infrastructure exposed to the internet; this ironically includes security tools, particularly firewalls and...

EnvíaloSimple < 2.2 Unauthenticated PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed...

Addressing the Rising Threat of API Leaks

In the realm of cybersecurity, the metaphor of "Leaky Buckets" has become an increasingly prevalent concern, particularly in the context of API security. This term encapsulates the hidden vulnerabilities and exposures in API infrastructures that many organizations struggle to identify and address...

SUSE CVE-2023-4232

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decodestatusreport function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound...

SSH Attack Surface (CVE-2023-48795): Find and Patch With CyberSecurity Asset Management Before the Grinch Arrives

Secure Shell Protocol SSH has been a cornerstone of cryptography and security since it was developed in early 1995. Organizations rely on SSH for secure communications within several popular software products. The recent Terrapin Attack highlights the importance of maintaining full visibility of...

Modern Attack Surface Management (ASM) for SecOps

Today’s attack surface requires modern processes and security solutions. Explore the tenants of modern attack surface management ASM and what SecOps need to look for in an ASM solution...

PT-2023-32751 · Repbox · Repbox

Name of the Vulnerable Software and Affected Versions: Repbox affected versions not specified Description: An unrestricted file upload vulnerability has been identified, allowing an attacker to upload malicious files via the transforamationfileupload function due to the lack of proper file type...

Modern Attack Surface Management for CISOs

Today’s attack surface requires modern processes and security solutions. Explore the tenants of modern attack surface management ASM and what CISOs need to look for in an ASM solution...

OSINT. What can you find from a domain or company name

We carry out lots of attack surface assessments, parts of which involve investigating information that has been unintentionally disclosed. To help OPSEC people I thought it might be useful to go over some of the key things that can be found using domain and company names. Domain name So let’s div...

Bolstering API Security: Introducing Wallarm’s API Attack Surface Management (AASM)

In the fast-paced digital world, think of Application Programming Interfaces APIs as the threads that stitch together the fabric of our tech ecosystems. They're often overlooked, quietly ensuring that your apps communicate seamlessly and keep the digital world running smoothly. The majority of...

Modern Attack Surface Management for Cloud Teams

Today’s attack surface requires modern processes and security solutions. Explore the tenants of modern attack surface management ASM and what Cloud teams need to look for in an ASM solution...

Authentication flaw

SuiteCRM is a Customer Relationship Management CRM software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire...

CVE-2023-47643 SuiteCRM has Unauthenticated Graphql Introspection Enabled

SuiteCRM is a Customer Relationship Management CRM software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire...

When Maximum Effort Doesn't Equate to Maximum Results

It’s no secret that security teams are feeling beleaguered as a result of the barrage of data, events, and alerts generated by their security tools, to say nothing of the increased budget scrutiny and constrained staff resources that continue to plague cybersecurity practitioners. The trick is...

Accelerating Security Risk Management

In response to the expanding attack surface, Mike Milner, Trend Micro VP of Cloud Technology, explores the role security risk management plays in this new era of cybersecurity and how IT leaders are accelerating innovation...

Why Defenders Should Embrace a Hacker Mindset

Today's security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have intern...

The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy

In 2023, the global average cost of a data breach reached $4.45 million. Beyond the immediate financial loss, there are long-term consequences like diminished customer trust, weakened brand value, and derailed business operations. In a world where the frequency and cost of data breaches are...

De-risking in Practice: How Qualys Customers are Driving Value in Their Organizations

As the threat landscape continues to grow in complexity, it has become more important than ever for the modern enterprise to measure, communicate, and eliminate cyber risk with efficiency. What does that mean in practice? Over the last two days, during the 2023 Qualys Security Conference QSC taki...