The path is starting to get steeper now as we climb to ML2. It is time to start defining a vulnerability management program with objectives and goals. This program is expected to grow and evolve over time as the organization grows and evolves. Start by documenting what is in place now and what objections the organization is trying to reach. The stakeholders should come from multiple departments within the organization. For example, you will need buy-in from:

As we wind down 2019, it is a great time to think about your vulnerability management plans for the coming year. The five W’s can help guide our efforts as we resolve to improve our digital security for the coming new year. Vulnerability assessments are useful for detecting security issues within your environment. By identifying potential security weaknesses, these assessments help us to reduce the risk of a digital criminal infiltrating its systems.

What is vulnerability management? Why you need it? What components does an efficient vulnerability management tool have? You can find answers to these questions and much more in our article.

An exploit is a piece of software, data or sequence of commands that takes advantage of a vulnerability to cause unintended behavior or to gain unauthorized access to sensitive data. Once vulnerabilities are identified, they are posted on Common Vulnerabilities and Exposures (CVE). CVE is a free vulnerability dictionary designed to improve global cyber security and cyber resilience by creating a standardized identifier for a given vulnerability or exposure.

How many times has a vendor released a critical cybersecurity patch for an operating system that is in “end of life” (EOL), or the lifecycle period where the vendor no longer issues patches for bug fixes, operational improvements and cybersecurity fixes free of charge? So if a vendor takes the time and resources to break this freeze and issue a patch for an EOL operating system like it did in response to BlueKeep, what does it tell you?

An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals that address the information needs of all stakeholders, when its output is tied back to the goals of the enterprise and when there is a reduction in the overall risk of the organization. Such vulnerability management technology can detect risk, but it requires a foundation of people and processes to ensure that the program is successful.

BlueKeep is the name that has been given to a security vulnerability that was discovered earlier this year in some versions of Microsoft Windows’ implementation of the Remote Desktop Protocol (RDP). The vulnerability was described as “wormable” by Microsoft, and users were warned that BlueKeep might be exploited in a similar fashion to how the WannaCry ransomware used the Eternal Blue vulnerability to spread widely in 2017.

tl;dr – CVE-2019-11043 PHP-FPM & NGINX RCE was publicly disclosed and a Proof-of-Concept exploit code was made available on GitHub. We received the report from our Crowdsource community, and now the CVE-2019-11043 Nginx/PHP-FPM RCE vulnerability is detected by Detectify. Nginx is a common web server used to run web applications. PHP-FPM (FastCGI Process Manager) is a processor for PHP scripts that is efficient at handling heavy website traffic and is commonly used by websites that have e.g.

Being one of the most important practices in cyber security, vulnerability management is a rather involved process that requires your time and resources. In this article, we will take a closer look at how SOAR solutions can help you in the process of vulnerability management.

As one of the most important practices of cyber security, vulnerability management is not a one step process. It must keep evolving in accordance with your network’s growth. That is why we will take a closer look at vulnerability management lifecycle in this article. Vulnerability management is one of the pillars of cyber security. It helps your organization to have a stronger cyber security and allows your security team to better handle with potential attacks.