External Attack Surface Management (EASM) is crucial for reducing risks associated with unknown and unmanaged digital assets, which are responsible for over 65% of breaches. This post provides practical guidance on budgeting for EASM, including cost ranges, staffing requirements, and justifications based on risk reduction, labor savings, and operational efficiencies. Learn how EASM can optimize your security investments while improving your organization’s overall cybersecurity posture.
Savvy security leaders are moving from the legacy framework of vulnerability management to the emerging framework of exposure management. To learn more about common challenges security teams might face on their journey to exposure management, check out this report: “Vulnerability Management to Exposure Management: A Roadmap for Modernizing Your Application Attack Surface Security.”
CVE-2024-47575 (FortiJump) is a missing authentication vulnerability affecting critical functions in FortiManager and FortiManager Cloud versions. Approximately 60,000 assets are externally exposed worldwide. All CyCognito customers have access to an in-platform emerging threat announcement and methods to identify potentially vulnerable assets.
CVE-2024-23113 is a critical (9.8) Fortinet remote code execution (RCE) vulnerability affecting a variety of Fortinet products and versions. CyCognito is investigating active tests for CVE-2024-9463. Users can check if their assets are potentially vulnerable using provided filters in the CyCognito platform.
On September 26, 2024, four critical RCE vulnerabilities were disclosed in components of the open-source printing system CUPS. CyCognito is investigating active detection methods for these vulnerabilities. Users can check if any assets are potentially vulnerable using provided filters in the CyCognito platform.
On October 9th, 2024, five vulnerabilities affecting Palo Alto Networks Expedition before version 1.2.96 were disclosed by Palo Alto Networks. These issues include OS command injection, SQL injection, cleartext storage of sensitive data, and reflected XSS vulnerabilities. Though active exploitation has not been reported, CyCognito has released an active test and in-app notification covering these issues due to risks posed by their severity and ease of exploitation.
Exposure Management (EM), introduced by Gartner in 2022, represents the evolution or vulnerability management. With EM, security teams can address visibility and testing gaps, and stay ahead of threats. This blog includes six signs that your organization needs EM, and five essential requirements to implement it.
With EASM becoming essential to security operations, many vendors are jumping on board, but not all solutions are enterprise-grade. Basic EASM products can waste time, undermine security teams, and offer a false sense of protection. To avoid these pitfalls, ask your vendor these five critical questions—if they can’t answer, it’s a red flag.
CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine, specifically Vault Community Edition versions 1.7.7-1.17.5 and Vault Enterprise versions 1.7.7-1.17.5, as well as 1.16.9 and 1.15.14. HashiCorp has released patches for CVE-2024-7594 and organizations can mitigate vulnerable instances by setting the SSH secrets engine valid_principals field to a non-empty value. CyCognito is investigating methods to deploy to actively detect this vulnerability, but more information about this issue is available to users in the CyCognito platform.
CVE-2024-28987 is a critical (CVSS v3 score: 9.1) hardcoded credential vulnerability in SolarWinds Web Help Desk (WHD) software. Organizations can patch this vulnerability by upgrading to version 12.8.3 HF2. CyCognito discovery and testing engines actively detect CVE-2024-28987 and customers have access to an in-platform emerging security issue announcement as of September 29th, 2024.
