6 top risk factors to triage vulnerabilities effectively

Common Vulnerability Scoring System (CVSS) scores have been viewed as the de facto measure to prioritize vulnerabilities. Vulnerabilities are assigned CVSS scores ranging from one to 10, with 10 being the most severe. However, they were never intended as a means of risk prioritization. If you’ve relied on CVSS scores alone to safeguard your organization, here’s why you’re probably using them incorrectly.


Elasticsearch Vulnerability: How to Remediate the most recent Issues

An Elastic Security Advisory (ESA) is a notice from Elastic to its users of a new Elasticsearch vulnerability. The vendor assigns both a CVE and an ESA identifier to each advisory along with a summary and remediation details. When Elastic receives an issue, they evaluate it and, if the vendor decides it is a vulnerability, work to fix it before releasing a remediation in a timeframe that matches the severity.


Full Stack Blues: Exploring Vulnerabilities In The MEAN Stack

Full stack development is all the rage these days, and for good reason: developers with both front-end web development skills and back-end/server coding prowess clearly offer substantially more value to their respective organizations. The ability to traverse the entire stack competently also makes interacting and cooperating with operations and security an easier affair—a key tenet of DevOps culture.


Understanding and mitigating CVE-2020-8563: vSphere credentials leak in the cloud-controller-manager log

While auditing the Kubernetes source code, I recently discovered an issue (CVE-2020-8563) in Kubernetes that may cause sensitive data leakage. You would be affected by CVE-2020-8563 if you created a Kubernetes cluster over vSphere, and enabled vSphere as a cloud provider with logging level set to 4 or above. In that case, your vSphere user credentials will be leaked in the cloud-controller-manager‘s log.


Domain controller patch alert! Vulnerability grants domain admin access in 10 seconds

A critical Active Directory vulnerability (CVE-2020-1472) has been making headlines for being the most notorious elevation of privilege bug because it can affect all computers and domain controllers in an organization. This high-risk vulnerability, dubbed Zerologon, gives threat actors easy, instant access to domain controllers without requiring any additional privileges. This attack does not even require a user to be authenticated; the user just needs to be connected to the internal network.

outpost 24

Fix now: High risk vulnerabilities at large, October 13th

This time around, the MySQL vulnerabilities caught our attention because of their low CVSS scores compared to their high likelihood risk rating. This is something we see often when working with our customers, and demonstrates how a risk based approach to vulnerability management changes as organizations focus on where there is a real risk of compromise.


CVE-2020-16898 - Microsoft TCP/IP Vulnerability

In Microsoft’s October 2020 Patch-Tuesday release, a remote code execution vulnerability CVE-2020-16898 was disclosed. The vulnerability is wormable and does not require any user interaction. The proof-of-concept code for crashing the victim system is available publicly and the vulnerability could soon be weaponized by malicious actors. The CloudPassage Halo cloud security platform identifies which servers are vulnerable.

DIY Guide to Open Source Vulnerability Management

You've realized you need to do a better job of tracking and managing your open source as well as the vulnerabilities and licenses associated with it. How hard can vulnerability management be? Do you really need special tools? After all, the license and vulnerability information is publicly available. Once you get a list of open source components and do some Google searching, you should be all set, right?
Featured Post

Container Inspection: Walking The Security Tightrope For Cloud DevOps

Containers are at the forefront of software development creating a revolution in cloud computing. Developers are opting for containerization at an impressive rate due to its efficiency, flexibility and portability. However, as the usage of containers increases, so should the security surrounding it. With containers comprising of many valuable components it is of the utmost importance that there are no vulnerabilities exposed when developing applications, and risks are mitigated before containers, and their contents, reach the end-user.