Demo of the CyCognito Platform

See the CyCognito platform in action to understand how it can help you identify, prioritize and eliminate your most critical risks. 

State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024. 

The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. 

 
Research

Emerging Threat: FortiJump (CVE-2024-47575) 

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
October 29, 2024

CVE-2024-47575 (FortiJump) is a missing authentication vulnerability affecting critical functions in FortiManager and FortiManager Cloud versions. Approximately 60,000 assets are externally exposed worldwide. All CyCognito customers have access to an in-platform emerging threat announcement and methods to identify potentially vulnerable assets.



Research

Emerging Security Issue: Fortinet FortiOS CVE-2024-23113

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
October 16, 2024

CVE-2024-23113 is a critical (9.8) Fortinet remote code execution (RCE) vulnerability affecting a variety of Fortinet products and versions. CyCognito is investigating active tests for CVE-2024-9463. Users can check if their assets are potentially vulnerable using provided filters in the CyCognito platform.



Research

Emerging Security Issue: Multiple CUPS Vulnerabilities

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
October 16, 2024

On September 26, 2024, four critical RCE vulnerabilities were disclosed in components of the open-source printing system CUPS. CyCognito is investigating active detection methods for these vulnerabilities. Users can check if any assets are potentially vulnerable using provided filters in the CyCognito platform.



Research

Emerging Security Issue: Multiple Palo Alto Networks Expedition PAN-OS Firewalls Vulnerabilities

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
October 16, 2024

On October 9th, 2024, five vulnerabilities affecting Palo Alto Networks Expedition before version 1.2.96 were disclosed by Palo Alto Networks. These issues include OS command injection, SQL injection, cleartext storage of sensitive data, and reflected XSS vulnerabilities. Though active exploitation has not been reported, CyCognito has released an active test and in-app notification covering these issues due to risks posed by their severity and ease of exploitation.



Research

Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
October 1, 2024

CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine, specifically Vault Community Edition versions 1.7.7-1.17.5 and Vault Enterprise versions 1.7.7-1.17.5, as well as 1.16.9 and 1.15.14. HashiCorp has released patches for CVE-2024-7594 and organizations can mitigate vulnerable instances by setting the SSH secrets engine valid_principals field to a non-empty value. CyCognito is investigating methods to deploy to actively detect this vulnerability, but more information about this issue is available to users in the CyCognito platform.



Research

Emerging Security Issue: SolarWinds Web Help Desk CVE-2024-28987

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
September 30, 2024

CVE-2024-28987 is a critical (CVSS v3 score: 9.1) hardcoded credential vulnerability in SolarWinds Web Help Desk (WHD) software. Organizations can patch this vulnerability by upgrading to version 12.8.3 HF2. CyCognito discovery and testing engines actively detect CVE-2024-28987 and customers have access to an in-platform emerging security issue announcement as of September 29th, 2024.



Research

Emerging Security Issue: Progress Software WhatsUp Gold (CVE-2024-6670)

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
September 27, 2024

CVE-2024-6670 is an actively exploited critical (CVSS v3 score: 9.8) SQL injection vulnerability affecting Progress Software’s WhatsUp Gold network monitoring tool. CyCognito discovery and testing engines actively detect vulnerable versions of Progress Software WhatsUp Gold and all customers have access to an in-platform emerging security issue announcement as of September 27th, 2024.



Research

Emerging Security Issue: SonicWall SSLVPN (CVE-2024-40766)

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
September 10, 2024

CVE-2024-40766 is a critical (CVSS v3 score: 9.3) access control flaw affecting SonicWall firewall devices that attackers are actively exploiting to deliver ransomware. CyCognito discovery and testing engines detect all assets running SonicWall SonicOS products and leverage multiple tests to services of the vulnerable product and versions. All customers have access to an in-platform emerging security issue announcement as of September 10th, 2024.



Research

Emerging Security Issue: Palo Alto Networks GlobalProtect PAN-OS Software CVE-2024-3400

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
April 16, 2024

Palo Alto Networks announced the discovery of CVE-2024-3400. CyCognito has informed affected customers of potentially affected assets.



Research

Emerging Security Issue: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
January 24, 2024

Two security issues affecting the popular Ivanti Connect Secure and Ivanti Policy Secure remote access SSL VPN systems can be chained together to give unauthenticated attackers remote access to critical systems. CyCognito’s active testing protects our current customers and delivers key insights about these vulnerabilities in the CyCognito platform.




Topics



Search the Blog



Recent Posts








Top Tags



CyCognito Research Report

State of External Exposure Management, Summer 2024 Edition

State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024.

O'Reilly Report

Moving from Vulnerability Management to Exposure Management

Moving from Vulnerability Management to Exposure Management

Download the report to learn about the historical trends behind the emergence of exposure management, how to develop a strategic plan and assemble a team to smoothly transition frameworks, and example tech stacks to consider for your organization.

Request a Free Scan

See Exactly What Attackers See

Get a Free Scan of Your Attack Surface

Get a free scan of your attack surface and gain valuable insight into your organization's risk posture by allowing CyCognito to discover, contextualize, and test externally exposed assets on a portion of your parent company or a single subsidiary.