Blog

Stay up to date on cybersecurity

BLOG
Attack Path vs Attack Vector: Important Differences You Need To Know
By: Rinat Villeval, Technical Enablement Manager If you want to solve a problem, defining your terms is essential — and there are few more pressing problems than safeguarding critical assets against cyber-criminals. With that in mind, let’s take a closer look at how attack vectors and attack paths differ, and why attack path management is […]
Tagged under:
Ransomware Readiness
By: Shay Siksik, VP Customer Operations   After so many recent high-profile ransomware attacks, CISOs, SOC Managers and other cybersecurity leaders are certainly aware of the risks involved. Global costs from ransomware attacks are expected to crest $20 billion in 2021, according to Cybercrime Magazine. That’s a staggering 5,700% increase in just the last six […]
Tagged under:
log4j
Today’s organizations are overwhelmed since the world first learned about the Log4Shell vulnerability (aka Log4J CVE-2021-44228, CVE-2021-45046). If prioritizing your vulnerabilities was a daunting task before, it is now more urgent than ever. Typically, most organizations are not prepared for such a severe risk as very few have mapped any of their machines that are […]
Tagged under:
Log4Shell
Overview Last Thursday, December 9, the Log4Shell vulnerability, CVE-2021-44228 (CVSS score 10), was discovered. This remote code execution (RCE) vulnerability was being exploited in the wild. Log4j is a logging library, and the vulnerability affects all products and applications that use log4j. That’s a lot of products. XM Cyber Log4Shell technique The XM Cyber Research […]
Tagged under: ,
Overview We created XMGoat as an open source tool with the purpose of teaching penetration testers, red teamers, security consultants, and cloud experts how to abuse different misconfigurations within the Azure environment. In this way, you learn about common Azure security issues. XMGoat contains multiple environments in the form of terraform templates. After installation, the […]
It’s No Secret Migrating to and maintaining a hybrid cloud environment continues to be challenging from a cybersecurity point of view. New security gaps are constantly being created due to new ways of working in a hybrid network environment. Cyber attackers take advantage of this change to obtain the initial foothold and breach an organization […]
Tagged under: , ,
In recent years, the concept of attack surface management has begun to gain traction. When executed correctly, it can dramatically strengthen your security posture and reduce the odds of a serious data breach. If you’re unfamiliar with the basics, let’s start with a quick review. What is an Attack Surface? The attack surface of a software […]
Managing cybersecurity vulnerabilities is enough to make anyone feel under siege. In recent years there have been anywhere from 30-40 new vulnerabilities released daily, which means that security teams have been inundated with new threats and prioritization challenges. The fact that legacy vulnerability management (VM) products can no longer keep up with expanding attack surfaces […]
Tagged under: ,
Cloud Security Masterclass
REGISTER NOW The world is moving at an incredible pace to keep up with the speed of business. 90% of enterprises will be leveraging multi-clouds by 2022. With heavy pressures on accelerating digital transformation due to the COVID-19 pandemic, the adoption and securing of cloud environments is more urgent than ever. As we all embrace […]
Cloud platforms such as Amazon Web Services (AWS) have transformed how we do business. They allow organizations access to highly scalable and flexible computing architecture for a fraction of the cost of a fully in-house solution. However, as organizations migrate to the cloud with record speed, security sometimes falls by the wayside. The complexity of […]
Tagged under: , ,