CyCognito examined an anonymized set of ecommerce assets collected from November 2023 to October 2024. While there is evidence of better security practices, some basic vulnerabilities and misconfigurations persist. Retailers need to take the time to make sure their ecommerce sites are keeping valuable PII and financial information safe.
Read more about Gift or Grift? How Retailers Can Combat Cyber Threats This SeasonCyCognito Blog
Your source for exposure management research, product news, and security insights.
Search the Blog
On November 18, 2024, Palo Alto Networks (PAN) disclosed two serious vulnerabilities in PAN-OS. Chained together, these vulnerabilities create the perfect conditions for pre-authenticated Remote Code Execution (RCE). CyCognito discovery and testing engines actively detect vulnerable assets and all customers have access to an in-platform emerging security issue announcement as of November 20th, 2024.
Read more about Emerging Threat: Palo Alto PAN-OS CVE-2024-0012 & CVE-2024-9474
External Attack Surface Management (EASM) is crucial for reducing risks associated with unknown and unmanaged digital assets, which are responsible for over 65% of breaches. This post provides practical guidance on budgeting for EASM, including cost ranges, staffing requirements, and justifications based on risk reduction, labor savings, and operational efficiencies. Learn how EASM can optimize your security investments while improving your organization’s overall cybersecurity posture.
Read more about How to Budget for EASMSavvy security leaders are moving from the legacy framework of vulnerability management to the emerging framework of exposure management. To learn more about common challenges security teams might face on their journey to exposure management, check out this report: “Vulnerability Management to Exposure Management: A Roadmap for Modernizing Your Application Attack Surface Security.”
Read more about A New Framework: Understanding Exposure ManagementCVE-2024-47575 (FortiJump) is a missing authentication vulnerability affecting critical functions in FortiManager and FortiManager Cloud versions. Approximately 60,000 assets are externally exposed worldwide. All CyCognito customers have access to an in-platform emerging threat announcement and methods to identify potentially vulnerable assets.
Read more about Emerging Threat: FortiJump (CVE-2024-47575)CVE-2024-23113 is a critical (9.8) Fortinet remote code execution (RCE) vulnerability affecting a variety of Fortinet products and versions. CyCognito is investigating active tests for CVE-2024-9463. Users can check if their assets are potentially vulnerable using provided filters in the CyCognito platform.
Read more about Emerging Security Issue: Fortinet FortiOS CVE-2024-23113On September 26, 2024, four critical RCE vulnerabilities were disclosed in components of the open-source printing system CUPS. CyCognito is investigating active detection methods for these vulnerabilities. Users can check if any assets are potentially vulnerable using provided filters in the CyCognito platform.
Read more about Emerging Security Issue: Multiple CUPS VulnerabilitiesOn October 9th, 2024, five vulnerabilities affecting Palo Alto Networks Expedition before version 1.2.96 were disclosed by Palo Alto Networks. These issues include OS command injection, SQL injection, cleartext storage of sensitive data, and reflected XSS vulnerabilities. Though active exploitation has not been reported, CyCognito has released an active test and in-app notification covering these issues due to risks posed by their severity and ease of exploitation.
Read more about Emerging Security Issue: Multiple Palo Alto Networks Expedition PAN-OS Firewalls Vulnerabilities
Exposure Management (EM), introduced by Gartner in 2022, represents the evolution or vulnerability management. With EM, security teams can address visibility and testing gaps, and stay ahead of threats. This blog includes six signs that your organization needs EM, and five essential requirements to implement it.
Read more about Six Signs that Exposure Management is Right for Your OrganizationWith EASM becoming essential to security operations, many vendors are jumping on board, but not all solutions are enterprise-grade. Basic EASM products can waste time, undermine security teams, and offer a false sense of protection. To avoid these pitfalls, ask your vendor these five critical questions—if they can’t answer, it’s a red flag.
Read more about Five Questions Your EASM Vendor Doesn’t Want You to Ask