SecurityTrails Blog

Slipping Under the Radar: CVE-2022-26501 - Veeam Unauthenticated RCE
Veeam Software, a global leader in data backup, replication, and disaster recovery solutions, recently disclosed a series of software vulnerabilities affecting the Veeam Distribution Service (VDS) of its flagship Veeam Backup Server line of products.

Exploring the Attack Surface Intelligence and Tines integration
A few days ago we happily announced the immediate release of our Risk Rules API + the integration with Tines, the popular platform designed to help security and ops teams automate manual workloads.

August Product Update: Exposed Admin Panels, Risk Rules API, Risk History by Host, and more!
At SecurityTrails we continuously upgrade, improve and enhance the quality of user experience in our Attack Surface Intelligence platform.

Introducing Risk Rules API + the New Tines Integration
Today we’re excited to introduce our new and highly anticipated Risk Rules API. This new API endpoint allows users to access Attack Surface Intelligence (ASI) information from their own apps and to receive risk rules valuable data immediately.

Atlassian Confluence on-premise vulnerability: Remote access with a hard-coded password
This vulnerability affects on-premise installations of Confluence, where the “Questions for Confluence” add-on is installed or has been installed at any point. Admins should update their instances immediately and ensure they have not been compromised.

Popular Misconfigurations that Make Containerized Apps Vulnerable to Attacks
With today’s staggering number of internet users, and the fact that web applications themselves are doing more than they ever have in the past, scaling, maintaining, and developing large web applications has become a significant challenge for DevOps teams.

Guide and Enrich Red Team Operations with Attack Surface Intelligence
One of the many cognitive spaces where cybersecurity practitioners often like to boast of ingenuity lies in the realm of adversarial emulation.

Journey to the Underbelly of the Beast: Out-of-Band Management Security and the Attack Surface
As of this writing, enterprise networks around the world are still known to be supporting some form of hardware-based remote access and control capability, collectively referred to as out-of-band management (OOBM), as a fallback mechanism to provide system administrators with an alternate data path to computing elements that may otherwise be unreachable through more traditional network media.

The CVE Approach: A Reductionist Way to Handle the Attack Surface
As recently as the 1990s, the information security industry lacked a fundamental mechanism to deal with the notion of sharing both hardware and software vulnerabilities using any sort of meaningful taxonomy.

How to detect developer mistakes before the bad guys do
Web development is one of the largest, if not the largest, sectors in the current tech space. Everything you see on the internet falls more or less into the web development category, which ranges from basic website UI and UX development to complete application frontends and backends. And the surface area of web development is probably the largest it's ever been.