Product Marketing Manager
October 16, 2024
On September 26, 2024, four critical RCE vulnerabilities were disclosed in components of the open-source printing system CUPS. CyCognito is investigating active detection methods for these vulnerabilities. Users can check if any assets are potentially vulnerable using provided filters in the CyCognito platform.
Product Marketing Manager
October 16, 2024
On October 9th, 2024, five vulnerabilities affecting Palo Alto Networks Expedition before version 1.2.96 were disclosed by Palo Alto Networks. These issues include OS command injection, SQL injection, cleartext storage of sensitive data, and reflected XSS vulnerabilities. Though active exploitation has not been reported, CyCognito has released an active test and in-app notification covering these issues due to risks posed by their severity and ease of exploitation.
Sr. Technical Marketing Manager
October 14, 2024
Exposure Management (EM), introduced by Gartner in 2022, represents the evolution or vulnerability management. With EM, security teams can address visibility and testing gaps, and stay ahead of threats. This blog includes six signs that your organization needs EM, and five essential requirements to implement it.
Chief Marketing Officer
October 7, 2024
With EASM becoming essential to security operations, many vendors are jumping on board, but not all solutions are enterprise-grade. Basic EASM products can waste time, undermine security teams, and offer a false sense of protection. To avoid these pitfalls, ask your vendor these five critical questions—if they can’t answer, it’s a red flag.
Product Marketing Manager
October 1, 2024
CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine, specifically Vault Community Edition versions 1.7.7-1.17.5 and Vault Enterprise versions 1.7.7-1.17.5, as well as 1.16.9 and 1.15.14. HashiCorp has released patches for CVE-2024-7594 and organizations can mitigate vulnerable instances by setting the SSH secrets engine valid_principals field to a non-empty value. CyCognito is investigating methods to deploy to actively detect this vulnerability, but more information about this issue is available to users in the CyCognito platform.
Product Marketing Manager
September 30, 2024
CVE-2024-28987 is a critical (CVSS v3 score: 9.1) hardcoded credential vulnerability in SolarWinds Web Help Desk (WHD) software. Organizations can patch this vulnerability by upgrading to version 12.8.3 HF2. CyCognito discovery and testing engines actively detect CVE-2024-28987 and customers have access to an in-platform emerging security issue announcement as of September 29th, 2024.
Sr. Technical Marketing Manager
September 30, 2024
Many organizations believe their security testing is robust, but common tools like vulnerability scanning and penetration testing often leave surprising gaps. Infrequent tests, limited asset coverage and inaccurate results leave exposure and risk. Achieving ideal security goals requires full coverage, high accuracy, and frequent testing—criteria most approaches struggle to deliver. CyCognito bridges these gaps with automated testing for network systems and web applications, helping organizations strengthen their security, continuously.
Product Marketing Manager
September 27, 2024
CVE-2024-6670 is an actively exploited critical (CVSS v3 score: 9.8) SQL injection vulnerability affecting Progress Software’s WhatsUp Gold network monitoring tool. CyCognito discovery and testing engines actively detect vulnerable versions of Progress Software WhatsUp Gold and all customers have access to an in-platform emerging security issue announcement as of September 27th, 2024.
Product Marketing Manager
September 23, 2024
CyCognito just published our 2024 State of External Exposure Management Report. In this report, we looked at where serious issues hide on the average attack surface, how basic protections can help (or fail to) protect critical assets, and the ways that deprioritizing issues can help security teams spend their time on the right vulnerabilities.
Sr. Technical Marketing Manager
September 16, 2024
Gaps in security testing involve more than missed assets – infrequent and inaccurate security testing can be just as big. This blog provides a five-step plan to help you find testing gaps and tighten your testing program, improving risk management, decision-making, and cost efficiency. A must-read for anyone looking to strengthen their security across their external attack surface.
