Resources

CyCognito Blog

Page 4 of 15
Research

Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
October 1, 2024

CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine, specifically Vault Community Edition versions 1.7.7-1.17.5 and Vault Enterprise versions 1.7.7-1.17.5, as well as 1.16.9 and 1.15.14. HashiCorp has released patches for CVE-2024-7594 and organizations can mitigate vulnerable instances by setting the SSH secrets engine valid_principals field to a non-empty value. CyCognito is investigating methods to deploy to actively detect this vulnerability, but more information about this issue is available to users in the CyCognito platform.

Go to the Post


Research

Emerging Security Issue: SolarWinds Web Help Desk CVE-2024-28987

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
September 30, 2024

CVE-2024-28987 is a critical (CVSS v3 score: 9.1) hardcoded credential vulnerability in SolarWinds Web Help Desk (WHD) software. Organizations can patch this vulnerability by upgrading to version 12.8.3 HF2. CyCognito discovery and testing engines actively detect CVE-2024-28987 and customers have access to an in-platform emerging security issue announcement as of September 29th, 2024.

Go to the Post


Featured, Perspectives

Think your attack surface is covered? Let’s look at the math.

Jason-Pappalexis
By Jason Pappalexis
Sr. Technical Marketing Manager
September 30, 2024

Many organizations believe their security testing is robust, but common tools like vulnerability scanning and penetration testing often leave surprising gaps. Infrequent tests, limited asset coverage and inaccurate results leave exposure and risk. Achieving ideal security goals requires full coverage, high accuracy, and frequent testing—criteria most approaches struggle to deliver. CyCognito bridges these gaps with automated testing for network systems and web applications, helping organizations strengthen their security, continuously.

Go to the Post


Research

Emerging Security Issue: Progress Software WhatsUp Gold (CVE-2024-6670)

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
September 27, 2024

CVE-2024-6670 is an actively exploited critical (CVSS v3 score: 9.8) SQL injection vulnerability affecting Progress Software’s WhatsUp Gold network monitoring tool. CyCognito discovery and testing engines actively detect vulnerable versions of Progress Software WhatsUp Gold and all customers have access to an in-platform emerging security issue announcement as of September 27th, 2024.

Go to the Post


Featured, Research

Defensive Playbook: Understanding New Trends in External Risk with CyCognito’s State of External Exposure Management Report

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
September 23, 2024

CyCognito just published our 2024 State of External Exposure Management Report. In this report, we looked at where serious issues hide on the average attack surface, how basic protections can help (or fail to) protect critical assets, and the ways that deprioritizing issues can help security teams spend their time on the right vulnerabilities.

Go to the Post


Strategy

Common security testing approaches leave gaps. Here’s how to find them.

Jason-Pappalexis
By Jason Pappalexis
Sr. Technical Marketing Manager
September 16, 2024

Gaps in security testing involve more than missed assets – infrequent and inaccurate security testing can be just as big. This blog provides a five-step plan to help you find testing gaps and tighten your testing program, improving risk management, decision-making, and cost efficiency. A must-read for anyone looking to strengthen their security across their external attack surface.

Go to the Post


Research

Emerging Security Issue: SonicWall SSLVPN (CVE-2024-40766)

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
September 10, 2024

CVE-2024-40766 is a critical (CVSS v3 score: 9.3) access control flaw affecting SonicWall firewall devices that attackers are actively exploiting to deliver ransomware. CyCognito discovery and testing engines detect all assets running SonicWall SonicOS products and leverage multiple tests to services of the vulnerable product and versions. All customers have access to an in-platform emerging security issue announcement as of September 10th, 2024.

Go to the Post


Products

Optimizing Asset Management and Incident Response: CyCognito’s New Integration with ServiceNow CMDB

Ansh-Patnaik
By Ansh Patnaik
Chief Product Officer
August 21, 2024

CyCognito’s new certified integration with ServiceNow’s Configuration Management Database (CMDB) enhances asset visibility and streamlines management to bolster cybersecurity defenses. By synchronizing CyCognito assets with ServiceNow Configuration Items (CIs), the integration ensures that the CMDB remains current, enabling quicker assessment and response to potential threats. This integration is particularly valuable for organizations aiming to standardize asset management and security operations on the ServiceNow platform.

Go to the Post


Perspectives

A Recent Interview Uncovers How Berlitz Corporation Reduced Critical Alerts by 86% and Saved 100K with CyCognito

Brittany-Busa
By Brittany Busa
Customer Marketing and Advocacy Lead
July 22, 2024

I recently sat down with Daniel Schlegel, the Global Chief Information Officer (CIO), Chief Security Officer, and Chief Privacy Officer of Berlitz Corporation, a global leader in language training and cultural education, to hear about their transformative experience using CyCognito to gain global external attack surface visibility, reduce costs, and enhance their security posture.

Go to the Post


Products

What’s the buzz about NIS 2?

Jason-Pappalexis
By Jason Pappalexis
Sr. Technical Marketing Manager
July 15, 2024

NIS 2 deadline is October 2024, but many are challenged to implement. CyCognito provides risk-based insight that speeds your alignment with NIS 2.

Go to the Post


Older PostsNewer Posts

Topics


Search the Blog



Featured Posts

Emma Zaballos
A New Framework: Understanding Exposure Management 
By Emma Zaballos
November 11, 2024
Jason Pappalexis
Six Signs that Exposure Management is Right for Your Organization
By Jason Pappalexis
October 14, 2024
Jason Pappalexis
Think your attack surface is covered? Let’s look at the math.
By Jason Pappalexis
September 30, 2024
Emma Zaballos
Defensive Playbook: Understanding New Trends in External Risk with CyCognito’s State of External Exposure Management Report
By Emma Zaballos
September 23, 2024
Graham Rance
Web Application Security Testing: Struggles, Shortfalls and Solutions
By Graham Rance
June 3, 2024


Top Tags


Stay informed

Subscribe to the Blog

Subscribe now to get the latest insights delivered straight to your inbox.

CyCognito Research Report

State of External Exposure Management, Summer 2024 Edition

State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024.
O'Reilly Report

Moving from Vulnerability Management to Exposure Management

Moving from Vulnerability Management to Exposure Management

Download the report to learn about the historical trends behind the emergence of exposure management, how to develop a strategic plan and assemble a team to smoothly transition frameworks, and example tech stacks to consider for your organization.
Request a Free Scan

See Exactly What Attackers See

Get a Free Scan of Your Attack Surface

Get a free scan of your attack surface and gain valuable insight into your organization's risk posture by allowing CyCognito to discover, contextualize, and test externally exposed assets on a portion of your parent company or a single subsidiary.

Request a Scan