CyCognito

Emerging Threat: Apache Struts CVE-2024-53677

Dec 19, 2024 By Emma Zaballos In CyCognito

CVE-2024-53677 is a critical (9.5) remote code execution (RCE) vulnerability affecting Apache Struts, an open-source framework for building Java-based web apps. This vulnerability affects the framework’s file upload logic, allowing attackers to enable paths traversal and perform remote code execution using malicious files.

Read Post

CyCognito

Read more about Emerging Threat: Apache Struts CVE-2024-53677

Need to boost the value of your security budget in 2025? Here's how.

Dec 16, 2024 By Jason Pappalexis In CyCognito

If you are like many CISOs, you feel pressure to increase the value of your security testing budget. And if you are one of the 53% of enterprises reporting stagnant or decreasing budgets in 2024, you have even more work cut out for you. Increasing testing value requires a re-evaluation of nearly everything. Tackle tool sprawl. Optimize workflows. Reduce false positives. Review cloud spend. All while demonstrating ROI even in the absence of incidents. This post is about ways to reach these goals.

Read Post

CyCognito

Read more about Need to boost the value of your security budget in 2025? Here's how.

CyCognito Report Highlights Rising Cybersecurity Risks in Holiday Ecommerce

Nov 26, 2024 By CyCognito In CyCognito

Findings reveal growing cybersecurity risks in ecommerce, exposing vulnerabilities in PII handling and lack of basic security protections like HTTPS and WAFs.

Read Post

CyCognito

Read more about CyCognito Report Highlights Rising Cybersecurity Risks in Holiday Ecommerce

Gift or Grift? How Retailers Can Combat Cyber Threats This Season

Nov 21, 2024 By Emma Zaballos In CyCognito

A lot goes into deciding what to buy during the holiday shopping season – shipping times, sale prices, and finding the perfect gift for your niece (who is impossible to shop for) are likely to be at the top of your mind. Unfortunately, attackers are counting on that. An attacker’s best friend is urgency and Black Friday kicks off a perfect season for them.

Read Post

CyCognito

Read more about Gift or Grift? How Retailers Can Combat Cyber Threats This Season

Emerging Threat: Palo Alto PAN-OS CVE-2024-0012 & CVE-2024-9474

Nov 20, 2024 By Emma Zaballos In CyCognito

On November 18, 2024, Palo Alto Networks (PAN) fully disclosed two serious vulnerabilities in PAN-OS software that had previously been partially disclosed on November 8th. The first vulnerability, CVE-2024-0012, is a critical severity (9.3) authentication bypass in the PAN-OS management web interface. It allows unauthenticated attackers with network access to gain administrator privileges by bypassing the authentication check entirely, essentially telling the server not to check for authentication at all.

Read Post

CyCognito

Read more about Emerging Threat: Palo Alto PAN-OS CVE-2024-0012 & CVE-2024-9474

How to Budget for EASM

Nov 18, 2024 By Tim Matthews In CyCognito

External Attack Surface Management, or EASM, has become a necessary component of a proactive cybersecurity strategy. According to research from Enterprise Strategy Group, over 65% of breaches stem from a compromised, externally exposed asset, so knowing your attack surface is key to avoiding breaches. Gartner, for this reason, is recommending EASM as a key pillar in the new approach to proactive security they call Exposure Management.

Read Post

CyCognito

Read more about How to Budget for EASM

A New Framework: Understanding Exposure Management

Nov 11, 2024 By Emma Zaballos In CyCognito

Savvy security leaders are moving from the legacy framework of vulnerability management to the emerging framework of exposure management because it solves their biggest challenges. The attack surface, which now contains cloud assets, distributed and mobile employees, and Internet of Things (IoT) integrated into every aspect of the workplace, is too complicated and changes too quickly to be managed with outdated methods and technologies.

Read Post

CyCognito

Read more about A New Framework: Understanding Exposure Management

Emerging Threat: FortiJump (CVE-2024-47575)

Oct 29, 2024 By Emma Zaballos In CyCognito

CVE-2024-47575, also known as FortiJump, is a critical (9.8) missing authentication vulnerability affecting critical functions in FortiManager and FortiManager Cloud versions. Threat researcher Kevin Beaumont published a blog post on October 22nd, 2024 identifying this vulnerability as a zero day. This vulnerability is separate from CVE-2024-23113, which also affects FortiGate devices.

Read Post

CyCognito

Read more about Emerging Threat: FortiJump (CVE-2024-47575)

What Security Teams Need to Know About the EU's NIS 2 Directive

Oct 24, 2024 By Graham Rance, VP Global Pre-Sales In CyCognito

The deadline to get compliant with the EU's NIS 2 Directive is here. And this isn't just a minor update from its NIS 1 predecessor-it's a major expansion that carries with it new challenges and obligations. The directive now covers a whopping 300,000 organizations, up from just 20,000 under NIS 1. Sectors like aerospace, public administration, digital services, postal and courier services, and food production are now included. Organizations are classified into "essential" or "important" entities based on size and criticality to the economy.

Read Post