Vulnerability management tools are security applications that scan networks and software to identify weaknesses that malicious actors can exploit. Once a scan pinpoints a weakness, the vulnerability software initiates or recommends remediation action, which reduces the risk of attack. Vulnerability management tools incorporated alongside other security measures are key for businesses to not only prioritise possible threats but to minimise attack surfaces … Read More
Log4j zero day vulnerability: How to protect yourself
The Log4j zero day vulnerability (CVE-2021-44228) is a remote code execution (RCE) vulnerability that allows malicious actors to take complete control of vulnerable devices and execute arbitrary code. The Log4j 0-day vulnerability has to date, been detected in more than 3 million vulnerable instances. Researchers also found that nearly 68,000 vulnerabilities were present in cloud workloads and containers within the … Read More
New Spring4Shell vulnerability: CVE-2022-22963 and CVE-2022-22965
Spring4Shell – a new zero-day vulnerability which affects Spring users It’s the second critical bug that has been identified on the application within a week. Spring is a widely used application framework and inversion of control container for the Java platform. Its core features can be used by any Java application which means a large number of users may have … Read More
How to protect personally identifiable information from a cyber breach
In recent years, personally identifiable information (PII) such as social security numbers, medical history, and banking details have become a high priority target for cybercriminals. For example, There were 1.4 million reported ID theft incidents in 2020, as opposed to 650,000 incidents in 2019. Driven by the prospect of high prices on the dark web and security vulnerabilities prevalent in … Read More
How to protect your server against shellshock vulnerability
Shellshock vulnerability is a bug in the Bash command-line interface shell that has existed for over three decades, though it was first discovered in 2014. Despite its discovery eight years ago, the vulnerability, also known as Bash Bug software, still poses a danger to organisations. In fact, the threat is so severe that the National Institute of Standards and Technology … Read More
Looking back at the top data breaches of 2021
RiskXchange can help your company avoid becoming one of those affected by costly cyberattacks and ensure your organisation doesn’t make our list of top data breaches.. Cybercriminals flourished in 2021, which is, of course, bad news for businesses right around the globe. The Identity Theft Resource Center (ITCR) reported that by the end of September last year, the number of … Read More
PrintNightmare: Understanding the Windows Print Spooler vulnerability
RiskXchange provides full visibility over your eco-systems’ entire attack surface in near real-time to avoid vulnerabilities like PrintNightmare. Researchers at Sangfor Technologies accidentally published a proof-of-concept (PoC) exploit recently for a new and unpatched vulnerability affecting the Print Spooler service on newer versions of Windows. Although the PoC was deleted soon after its publication, the damage was already widespread. The … Read More
Leveraging common vulnerabilities and exposures (CVE) to strengthen cybersecurity posture
As organisations across finance, healthcare, and logistics continue to transfer their operations to cloud-based applications, it raises concerns about third-party vendor attacks. Cyber attacks via third parties and vendors have been on the rise in recent years. Research shows over 1,767 reported data breaches in 2021, and experts claim that this number will go up within the next few years. … Read More
What is an attack vector and how can you avoid it?
RiskXchange generates objective and quantitative reporting on a company’s cyber security risk and performance. Cybercrime is ever evolving, and hackers are changing their tactics daily. Malware is commonplace but ransomware is the biggest threat to organisations in 2021. Some attack vectors – like phishing and credential theft – have been around for quite some time while others have cropped up in recent years causing widespread damage. What is an attack … Read More