Our security is only as strong as our ability to manage it: The necessity of Attack Path Management for the Hybrid Cloud
Michael Greenberg | Blog

Now it’s no secret businesses have ramped up and driven the adoption of the cloud faster than any period previously. One of the key…

The XM Cyber 2022 Attack Path Management Impact Report
Michael Greenberg | Blog

The industry’s first annual attack path management research report is here! The XM Cyber research team analyzed nearly 2 million entities to bring insights…

5 Ways to Make Attack Path Management More Manageable
Shay Siksik | Blog

Effective cybersecurity can be distilled to a single idea: Protect your most business critical assets. Protecting your most critical assets, in turn, can be…

XM Cyber Advisory – Spring4Shell, Zero Day
Zur Ulianitzky; Ilay Grossman | Blog

Overview On March 30, A new zero day critical vulnerability was leaked in another open source software library. The vulnerability affects Spring Framework which…

New Privilege Escalation Techniques are Compromising your Google Cloud Platform
Idan Strovinsky, Zur Ulianitzky | Blog

In this research you’ll discover some of the common attack techniques used in Google Cloud Platform (GCP) to better understand how an attacker exploits…

See All Ways: How to Overcome the Big Disconnect in Cybersecurity
Sharron Malaver | Blog

Today’s reality in cybersecurity is that, with the right combination of tools, you may be able to see all kinds of misconfigurations … and…

10 ways to gain control over Azure function app sites

Written by Bill Ben Haim & Zur Ulianitzky Overview Pen-testers! Red-teamers! We’ve prepared a bucket of new Azure techniques, specifically about Azure function app sites. In this…

Choosing Attack Path Management Over Security Control Validation When Shopping for Breach & Attack Simulation
Menachem Shafran | Blog

Breach and Attack Simulation is gaining lots of hype today. Yet simulating attacks can mean many different things and serve many different use cases….

Attack Path vs Attack Vector: Important Differences You Need To Know

By: Rinat Villeval, Technical Enablement Manager If you want to solve a problem, defining your terms is essential — and there are few more…

Top 3 Benefits of Ransomware Readiness Assessment
Shay Siksik | Blog

After so many recent high-profile ransomware attacks, CISOs, SOC Managers and other cybersecurity leaders are certainly aware of the risks involved. Global costs from…

Time to go beyond Log4Shell and see the entire attack path

Today’s organizations are overwhelmed since the world first learned about the Log4Shell vulnerability (aka Log4J CVE-2021-44228, CVE-2021-45046). If prioritizing your vulnerabilities was a daunting…

XM Cyber Advisory – Log4Shell, CVE-2021-44228

Overview Last Thursday, December 9, the Log4Shell vulnerability, CVE-2021-44228 (CVSS score 10), was discovered. This remote code execution (RCE) vulnerability was being exploited in…

1 2 3 19

See all ways we can help you

See what attackers see, so you can stop them from doing what attackers do.