SecurityTrails Blog
High Severity OpenSSL 3.0.x Vulnerabilities Discovered (CVE-2022-3786 and CVE-2022-3602)
The OpenSSL project team has just announced a security fix targeting two distinct buffer overflow (CVE-2022-3786 and CVE-2022-3602) vulnerabilities impacting versions 3.0.0 to 3.0.6 of the popular open-source cryptographic platform.
October Product Updates: New Rule Reasons, ‘End-of-Life Software’ Risk Rule, and more.
October’s here and with it so many updates from our Attack Surface Intelligence platform. This time around, we’re releasing our new Rules Reasons, New End-of-life Risk Rule, and improvements to Static Assets. Keep reading to learn more.
A Blast from the Past: Revisiting the IIS Tilde Vulnerability
As Internet Information Services (IIS)—the underlying server technology behind scores of Windows-based web applications worldwide—continues to gain market share over rivaling platforms, its security vulnerabilities have not been in short supply.
New Microsoft Exchange Vulnerabilities Discovered: CVE-2022-41082 (RCE) & CVE-2022-41040 (SSRF)
Microsoft is investigating the potential exploitation of not one, but two distinct vulnerabilities impacting the Exchange Server 2013, 2016, and 2019 family of products.
Managing WordPress and WooCommerce Threats With Attack Surface Intelligence
With its theme ability, websites powered by WordPress can be made to look unique—and often can’t be identified as WordPress-powered at first glance. Combined with the ability to use various plugins to extend its usability, it’s become common for WordPress site owners to use it not only for blogging but for other use cases as well, such as eCommerce.
How Attack Surface Intelligence Drives Vulnerability Management
Today, organizations the world over are facing sophisticated threats and cyber attacks on their valuable digital assets as well as embedded, unknown vulnerabilities in their infrastructures. And digital transformation, along with the pandemic and the shift to the cloud, have only accelerated changes in the way organizations operate, mainly with hybrid and remote work.
Introducing the Palo Alto Networks Cortex XSOAR + Attack Surface Intelligence Integration
We are super excited to announce the immediate availability of our Palo Alto Cortex XSOAR + Attack Surface Intelligence integration.
The Current State of CI/CD Security, and How to Prevent Common Mistakes
An ever-growing need for faster and structured development has meant that CI/CD tools have become integrated into the core of an organization's development processes.
New Project Risk History tab, Screenshots and UX Improvements
A few days after the successful release of our latest product updates, another round of improvements came to the Attack Surface Intelligence platform. Keep reading to find out more!
Slipping Under the Radar: CVE-2022-26501 - Veeam Unauthenticated RCE
Veeam Software, a global leader in data backup, replication, and disaster recovery solutions, recently disclosed a series of software vulnerabilities affecting the Veeam Distribution Service (VDS) of its flagship Veeam Backup Server line of products.