As the holiday season approaches, my family has a tradition of watching all of our favorite holiday movies—my favorite being Home Alone. It is the time for festive decorations, eggnog, and large heartwarming feasts with family and friends. Sadly, though, it is going to take a lot more than your aunt’s mystery casserole to ward […]
The curtain has fallen on the third quarter (Q3) of 2022, and it’s time to report the trends and highlights gleaned from Digital Shadows (now ReliaQuest)’ vulnerability intelligence. Q3 was characterized by dozens of zero-day vulnerabilities, including the continued exploitation of the high-profile Follina vulnerability (CVE-2022-30190) that debuted in the second quarter of 2022. For […]
It was a dark and stormy DEFCON. Water leaked from the ceilings onto the casino floors and lightning flashed across the sky. With over 25k attendees, Las Vegas was raining hackers. If you were not swept away in the storm in Las Vegas, you surely felt the flood of new vulnerability fixes on August’s Patch […]
Picture this, you are an analyst working in a large security operations center (SOC) responding to an overwhelming amount of alerts each day. A large portion of the alerts are false positives, but you have to be sure so each one requires your attention. After a while, complacency sets in, and impactful alerts are missed. […]
There is a saying derived from Western movies that say whoever draws first, loses the duel. Nick Bohr, a famous physicist, once said that it takes more time to initiate a movement than to react to one. People are very reactive by nature. In vulnerability management, there is a lot of pressure to quickly react […]
One month ago, the Russian government began the invasion of Ukraine, triggering one of the most severe security crises in Europe since the collapse of the Soviet Union in 1992. The Photon Intelligence Team has been constantly analyzing the development of this war, providing assessment about the involvement of hacktivism in this conflict, practical advice […]
I’m sure we can all agree that this year has been busy for anyone who had anything, even remotely, to do with security. The year 2021 started off with a bang as we all dealt with the fallout from a handful of Exchange bugs, dealt with the repercussions of the Accellion and Kaseya attacks, and […]
At the beginning of our conversation on vulnerability intelligence a couple of weeks ago, I briefly touched on a fictional weeklong scenario that involved vulnerability disclosure, PoC (proof-of-concept) release, and mass scanning that ended with victims hit by exploits. I get it, a week to go from vulnerability to working exploit may seem like hyperbole, […]
Note: This blog is part of a three-blog series on Vulnerability Intelligence that accompanies the release of Digital Shadows (now ReliaQuest)’ latest whitepaper titled Vulnerability Intelligence: Do You Know Where Your Flaws Are? The numerous roadblocks facing vulnerability management (VM) teams are one of the key points raised in our vulnerability Intelligence research. Whether you […]
Note: This blog is part of a three-blog series on Vulnerability Intelligence that accompanies the release of Digital Shadows (now ReliaQuest)’ latest whitepaper titled Vulnerability Intelligence: Do You Know Where Your Flaws Are? Managing vulnerabilities is a daunting task for security teams that are constantly busy with keeping up with the vulnerability threat landscape. New […]