High Severity OpenSSL 3.0.x Vulnerabilities Discovered (CVE-2022-3786 and CVE-2022-3602)
The OpenSSL project team has just announced a security fix targeting two distinct buffer overflow (CVE-2022-3786 and CVE-2022-3602) vulnerabilities impacting versions 3.0.0 to 3.0.6 of the popular open-source cryptographic platform.
A Blast from the Past: Revisiting the IIS Tilde Vulnerability
As Internet Information Services (IIS)—the underlying server technology behind scores of Windows-based web applications worldwide—continues to gain market share over rivaling platforms, its security vulnerabilities have not been in short supply.
Guide and Enrich Red Team Operations with Attack Surface Intelligence
One of the many cognitive spaces where cybersecurity practitioners often like to boast of ingenuity lies in the realm of adversarial emulation.
The CVE Approach: A Reductionist Way to Handle the Attack Surface
As recently as the 1990s, the information security industry lacked a fundamental mechanism to deal with the notion of sharing both hardware and software vulnerabilities using any sort of meaningful taxonomy.
Preventing Subdomain Takeover Attacks with Attack Surface Intelligence
Next year will mark the 40th anniversary of the creation of the Domain Name System (DNS) by Paul Mockapetris, a pioneer of the IT industry whose forays into early distributed systems and email delivery applications led to the groundbreaking naming exchange that permeates today's internet.
The Role of Cloud Misconfigurations & the Attack Surface in the 2022 Verizon DBIR
This year's 15th installment of the Verizon Data Breach Investigations Report (DBIR) features yet another impressive dataset of corporate breaches and exposures marked by an overriding postulate: attack surfaces matter and they should dictate a large portion of your risk assessment strategy.
Manage and Protect Your Cloud Infrastructure with Attack Surface Intelligence
The early warnings came fast and furiously over every possible media outlet covering the recent conflict in Ukraine: Russia was aggressively stepping up its cyberattacks in a colossal effort to preemptively disrupt cloud services throughout its soon-to-be embattled neighbor.
Staying Ahead of Malicious Intent Using Attack Surface Intelligence
Last year's Verizon Data Breach Investigations Report remained largely commensurate with preceding ones that implicitly argued in favor of adapting sound attack surface intelligence initiatives to curb the steady growth of cybercrime.
SecurityTrails Meets Gigasheet: Taking Your Recon Analysis to a Whole New Level
Humans, in most cases, are not built to process and conceptualize data in any significant measure or speed.