CyCognito Blog
Research
Research
Emerging Security Issue: Progress Software WhatsUp Gold (CVE-2024-6670)
By Emma Zaballos
Product Marketing Manager
September 27, 2024
CVE-2024-6670 is an actively exploited critical (CVSS v3 score: 9.8) SQL injection vulnerability affecting Progress Software’s WhatsUp Gold network monitoring tool. CyCognito discovery and testing engines actively detect vulnerable versions of Progress Software WhatsUp Gold and all customers have access to an in-platform emerging security issue announcement as of September 27th, 2024.
Featured, Research
Defensive Playbook: Understanding New Trends in External Risk with CyCognito’s State of External Exposure Management Report
By Emma Zaballos
Product Marketing Manager
September 23, 2024
CyCognito just published our 2024 State of External Exposure Management Report. In this report, we looked at where serious issues hide on the average attack surface, how basic protections can help (or fail to) protect critical assets, and the ways that deprioritizing issues can help security teams spend their time on the right vulnerabilities.
Research
Emerging Security Issue: SonicWall SSLVPN (CVE-2024-40766)
By Emma Zaballos
Product Marketing Manager
September 10, 2024
CVE-2024-40766 is a critical (CVSS v3 score: 9.3) access control flaw affecting SonicWall firewall devices that attackers are actively exploiting to deliver ransomware. CyCognito discovery and testing engines detect all assets running SonicWall SonicOS products and leverage multiple tests to services of the vulnerable product and versions. All customers have access to an in-platform emerging security issue announcement as of September 10th, 2024.
Featured, Research
Web Application Security Testing: Struggles, Shortfalls and Solutions
By Graham Rance
Field CTO
June 3, 2024
A survey of cybersecurity professionals in the U.S. and U.K. reveals challenges in web application security testing. Key findings include extensive attack surfaces due to numerous in-house and third-party applications, frequent security incidents, concerns about the effectiveness of existing tools, and inadequate testing coverage. Additionally, over half of respondents struggle to remediate discovered vulnerabilities. These findings highlight the need for improved web application security testing strategies.
Featured, Research
The Biggest Security Nightmares from 2023 and How They Could Ruin Your 2024
By Emma Zaballos
Product Marketing Manager
May 15, 2024
CyCognito shares insights showing how security teams can learn from previous incidents and leverage exposure management techniques to stay ahead of attackers.
Research
Emerging Security Issue: Palo Alto Networks GlobalProtect PAN-OS Software CVE-2024-3400
By Emma Zaballos
Product Marketing Manager
April 16, 2024
Palo Alto Networks announced the discovery of CVE-2024-3400. CyCognito has informed affected customers of potentially affected assets.
Research
Emerging Security Issue: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887
By Emma Zaballos
Product Marketing Manager
January 24, 2024
Two security issues affecting the popular Ivanti Connect Secure and Ivanti Policy Secure remote access SSL VPN systems can be chained together to give unauthenticated attackers remote access to critical systems. CyCognito’s active testing protects our current customers and delivers key insights about these vulnerabilities in the CyCognito platform.
Featured, Research
This Holiday Shopping Season, Your Attack Surface is Open for Business
By Emma Zaballos
Product Marketing Manager
November 21, 2023
Cyber Monday is right around the corner and millions of consumers will flock to ecommerce websites in search of the best deals. But can shoppers be assured that the sites they do business with are secure and compliant? Before and during the holiday shopping season, retailers need to ensure that ecommerce websites with missing WAFs, cryptographic vulnerabilities, or easily exploited critical issues.
Research
It’s 10pm – Do You Know Where Your PII Is?
By Emma Zaballos
Product Marketing Manager
September 6, 2023
Have you ever wondered just how much the average external attack surface changes every month?
Research
The MOVEit Hacking Spree: Impact, Perspective and Detecting it in Your Attack Surface
By Greg Delaney
Was a Senior Product Marketing Manager at CyCognito
July 28, 2023
A series of MOVEit Transfer vulnerabilities have affected 520 organizations and over 32 million individuals. The Russian-speaking ransomware gang CL0P has claimed responsibility for the attacks, which date back to May 2023. Organizations that have not yet applied the patches across all instances are still at risk. CyCognito’s platform can help customers to find where MOVEit Transfer is being used across their attack surface and identify exposed risks.
Topics
Search the Blog
Featured Posts
Six Signs that Exposure Management is Right for Your Organization
By Jason Pappalexis
October 14, 2024
Defensive Playbook: Understanding New Trends in External Risk with CyCognito’s State of External Exposure Management Report
By Emma Zaballos
September 23, 2024
Top Tags
CyCognito Research Report
State of External Exposure Management, Summer 2024 Edition
Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024.
O'Reilly Report
Moving from Vulnerability Management to Exposure Management
Download the report to learn about the historical trends behind the emergence of exposure management, how to develop a strategic plan and assemble a team to smoothly transition frameworks, and example tech stacks to consider for your organization.
Request a Free Scan
See Exactly What Attackers See
Get a Free Scan of Your Attack Surface
Get a free scan of your attack surface and gain valuable insight into your organization's risk posture by allowing CyCognito to discover, contextualize, and test externally exposed assets on a portion of your parent company or a single subsidiary.