Digital Shadows (now ReliaQuest)’ new vulnerability intelligence capability brings a unique context to CVEs. Armed with this intelligence, security teams can better prioritize their vulnerability management efforts. Beyond CVSS Scoring More than 20,000 vulnerabilities were reported in 2021 – vulnerabilities that attackers are rapidly incorporating into their campaigns. When new vulnerabilities are announced, speed of […]
Just when we thought we were through the significant bits of Log4j issues, a new problem appeared this past weekend. The good news is that with a lot of smart people looking at the issues, it means that researchers are doing their best to find any faults, and the Apache team is doing a great […]
Last Friday, we published a blog on the latest significant vulnerability, CVE-2021-44228, which involves a flaw in the Log4j program that causes arbitrary code execution. In case you missed it, the fun part here is that attackers could introduce malicious code in many different ways. As Rob put it on our recent podcast, the coder’s […]
At the beginning of our conversation on vulnerability intelligence a couple of weeks ago, I briefly touched on a fictional weeklong scenario that involved vulnerability disclosure, PoC (proof-of-concept) release, and mass scanning that ended with victims hit by exploits. I get it, a week to go from vulnerability to working exploit may seem like hyperbole, […]