Discover valuable external risk insights. Learn how to bridge gaps in external attack surface and enhance security with actionable strategies.
Read more about External Risk Insights: Mind the Gaps in the External Attack Surface
CyCognito Blog
Research
Search the Blog
Solving meaningful external risk challenges requires the right information at the right time in the hands of the right people.
Read more about Shrink your External Attack Surface with Better Communications
What is the economic impact of adding an External Attack Surface Management platform to your 2024 cybersecurity roadmap?
Read more about Study: EASM Products Boost Security While Reducing CostsA critical bug in OpenSSL versions 3.0+ dashes security team hopes that this Halloween will include treats and no tricks.
Read more about Heartbleed-like Critical OpenSSL Bug Impacts Versions 3+Despite eradication efforts, Log4j continues to haunt large corporations eight months after the critical vulnerability was discovered.
Read more about Risky Business: Enterprises Can’t Shake Log4jMergers and acquisitions, poorly managed web apps and insecure PII represent biggest risks tied to external attack surfaces in 2022.
Read more about Exclusive EASM Report: Mergers and Acquisitions Top 2022 External Attack Surface Management RisksOn May 4th, 2022, F5 announced their internal discovery of a remote code execution (RCE) vulnerability, CVE-2022-1388, that affects all firmware versions of their BIG-IP product.
Read more about Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IPNIST assigned Spring4Shell a score of 9.8, most likely out of concern of a similar blast radius to Log4Shell, which was trivial to exploit and very common.
Read more about One month in: CyCognito looks at Spring4Shell
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.
Read more about Detecting and Validating Spring4Shell Vulnerability: CVE-2022-22965
Based on our experience responding to these issues, advice from expert CISOs, and our community of customers here are steps for a simplified response plan you can use today and for future outbreaks.
Read more about Set Up Your Log4J Response Plan