Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

ASM

CVE-2023-34362: SQLi Zero Day Vulnerability in MOVEit Transfer exploited in the wild

CVE-2023-34362 is an SQL injection (SQLi) vulnerability that has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database. SQL Injection (SQLi) poses significant risks as it allows attackers to potentially steal, manipulate, or delete sensitive data from databases.

How To Communicate Attack Surface Management to the Board

With digital transformation rapidly multiplying attack vectors across the cloud, remote work environments, and Shadow IT endpoints, mapping your digital footprint, let alone implementing an effective attack surface management strategy, is not as easy as it once was. As a result, communicating the value and progress of Attack Surface Management (ASM) to the board is becoming a considerable challenge that must be addressed before threat landscapes evolve beyond the reach of mitigation capabilities.

CrowdStrike Enhances Falcon Discover to Reduce the Attack Surface, Streamline Operations and Lower Costs

CrowdStrike Falcon® Discover delivers deep asset visibility with no hardware to deploy or manage, providing valuable context for all of your assets. For IT and security teams alike, Falcon Discover is a powerful tool to stop breaches. The majority of CrowdStrike customers already use Falcon Discover to improve their IT and security posture.

Debunking 5 Myths of Attack Surface Management

Attack surface management is certainly a concern for most organizations, but being top of mind does not mean it's easy for organizations to understand or implement. Unfortunately, there are many misconceptions about how hard managing one's attack surface is, so let's deal with five of the most common fallacies. The fact is attack surface management is a lot easier said than done and to be effective, attack surface management demands a strong base of 'cyber hygiene'.

Expanding Enterprise Attack Surfaces (EAS) and the increasing importance of Identity & Access Management

In the past five years, Enterprise Attack Surfaces (EAS) have evolved significantly. EAS refer to the various entry points that cybercriminals can exploit to gain unauthorized access to an organization's digital assets. With the increasing use of cloud-based services, the proliferation of connected devices and the growing reliance on third-party vendors, attack surfaces have become broader, more numerous and more complex.

What is Exposure Management in Cybersecurity?

Exposure management in cybersecurity is a set of processes that helps organizations view their entire attack surface and understand which areas in their IT infrastructure are most exposed to cyber threats. Organizations can then take the necessary steps to reduce their cyber risk exposure through risk mitigation and risk remediation steps. Exposure management goes hand in hand with attack surface management (ASM) and threat and vulnerability intelligence.

Attack Vector vs Attack Surface vs Attack Path (Interaction & Differences)

Cybersecurity is an intricate, multidimensional game of defense that requires businesses to stay one step ahead of threat actors. Among the several dimensions to consider, understanding the differences between attack vectors, attack surfaces, and attack paths is paramount. In this blog post, we aim to elucidate the concepts of attack vector, attack surface, and attack path, and how information security professionals can help secure their digital terrain more effectively.

Reduced Attack Surface: How to Reduce Your Attack Surface (and Why It Matters)

Data breaches are an ever-present risk for organizations of all sizes — and the larger the attack surface, the greater the risk. There is growing awareness of the need to manage the attack surface, and reducing the attack surface is an essential component. However, many companies lack full visibility into their real attack surface, making reduction challenging.

Defining Your Organization's Attack Surface: The 4 Types of Attack Surfaces

Attack surfaces are a fundamental concept within information security. However, attack surfaces can be constituted of different things. For example, some formulations of an attack surface include not just software and hardware, but the people using them. In this post, we’re going to cover four common types of attack surface, discuss how you should think about the risks associated with each type, and best practices for addressing these risks.

Assign severity ratings on Attack Surface Custom Policies

AppSec teams often struggle to either validate or scale their security policies, like enforcing security headers or removing risky technologies. This job is easier said than done, and teams are feeling the pinch. To address these challenges, we launched Attack Surface Custom Policies – a powerful feature built directly into Surface Monitoring that makes it possible to set, enforce, and scale customizable security policies so you can focus on the issues that matter most.