SecurityTrails Blog

Journey to the Underbelly of the Beast: Out-of-Band Management Security and the Attack Surface
As of this writing, enterprise networks around the world are still known to be supporting some form of hardware-based remote access and control capability, collectively referred to as out-of-band management (OOBM), as a fallback mechanism to provide system administrators with an alternate data path to computing elements that may otherwise be unreachable through more traditional network media.

The CVE Approach: A Reductionist Way to Handle the Attack Surface
As recently as the 1990s, the information security industry lacked a fundamental mechanism to deal with the notion of sharing both hardware and software vulnerabilities using any sort of meaningful taxonomy.

How to detect developer mistakes before the bad guys do
Web development is one of the largest, if not the largest, sectors in the current tech space. Everything you see on the internet falls more or less into the web development category, which ranges from basic website UI and UX development to complete application frontends and backends. And the surface area of web development is probably the largest it's ever been.

RDP: Risks and Prevention Tips for Your Attack Surface
The Remote Desktop Protocol (RDP) belongs to a subset of ITU-T protocol standards purposely designed to provide reliable transport of visual, input, control, and component-sharing data and capabilities from one remote computer system to another.

Action needed: Atlassian Confluence On-Premise RCE Vulnerability - CVE-2022-26134
If you are an administrator of an Atlassian Confluence On-Premise installation, please make sure to update your installation immediately. All current versions of Confluence Server & Data Center are affected.

Attack Surface Intelligence: When the Power Comes from the Data
In the current era of the remote workforce, businesses have struggled to meet customer and stakeholder expectations around evolving cyber threats. While organizations choose the best option for continuously updating their internal security posture, they often do very little to monitor external threats on their attack surface.