When you shouldn’t patch: Managing your risk factors

Look at any article with advice about best practices for cybersecurity, and about third or fourth on that list, you’ll find something about applying patches and updates quickly and regularly. Patching for known vulnerabilities is about as standard as it gets for good cybersecurity hygiene, right up there with using multi-factor authentication and thinking before […]

The post When you shouldn’t patch: Managing your risk factors appeared first on Security Intelligence.

Continue reading When you shouldn’t patch: Managing your risk factors

How CTEM is providing better cybersecurity resilience for organizations

Organizations today continuously face a number of fast-moving cyber threats that regularly challenge the effectiveness of their cybersecurity defenses. However, to keep pace, businesses need a proactive and adaptive approach to their security planning and execution. Cyber threat exposure management (CTEM) is an effective way to achieve this goal. It provides organizations with a reliable […]

The post How CTEM is providing better cybersecurity resilience for organizations appeared first on Security Intelligence.

Continue reading How CTEM is providing better cybersecurity resilience for organizations

What’s behind unchecked CVE proliferation, and what to do about it

The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations’ cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified. Meanwhile, Coalition’s 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit […]

The post What’s behind unchecked CVE proliferation, and what to do about it appeared first on Security Intelligence.

Continue reading What’s behind unchecked CVE proliferation, and what to do about it

CVE backlog update: The NVD struggles as attackers change tactics

In February, the number of vulnerabilities processed and enriched by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) started to slow. By May, 93.4% of new vulnerabilities and 50.8% of known exploited vulnerabilities were still waiting on analysis, according to research from VulnCheck. Three months later, the problem persists. While NIST […]

The post CVE backlog update: The NVD struggles as attackers change tactics appeared first on Security Intelligence.

Continue reading CVE backlog update: The NVD struggles as attackers change tactics

MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis

The security updates released by Microsoft on April 11, 2023, addressed over 90 individual vulnerabilities. Of particular note was CVE-2023-21554, dubbed QueueJumper, a remote code execution vulnerability affecting the Microsoft Message Queueing (MSMQ) service. MSMQ is an optional Windows component that enables applications to exchange messages via message queues that are reachable both locally and […]

The post MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis appeared first on Security Intelligence.

Continue reading MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis

Attacker exploits vulnerability in Active Directory Certificate Services to take control of domain

This post was made possible through the contributions of Joseph Spero and Thanassis Diogos. In June 2023, IBM Security X-Force responded to an incident where a client had received alerts from their security tooling regarding potential malicious activity originating from a system within their network targeting a domain controller. X-Force analysis revealed that an attacker […]

The post Attacker exploits vulnerability in Active Directory Certificate Services to take control of domain appeared first on Security Intelligence.

Continue reading Attacker exploits vulnerability in Active Directory Certificate Services to take control of domain

CISA’s Known Vulnerabilities Impact 15M Public Services

CISA’s Known Exploited Vulnerabilities (KEV) catalog is the authoritative source of information on past or currently exploited vulnerabilities. In a new report, the Rezilion research team analyzed vulnerabilities in the current KEV catalog. The results revealed a whopping 15 million vulnerable instances. And the majority of the occurrences were Microsoft Windows instances. Rezilion notes that […]

The post CISA’s Known Vulnerabilities Impact 15M Public Services appeared first on Security Intelligence.

Continue reading CISA’s Known Vulnerabilities Impact 15M Public Services

X-Force Identifies Vulnerability in IoT Platform

The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a […]

The post X-Force Identifies Vulnerability in IoT Platform appeared first on Security Intelligence.

Continue reading X-Force Identifies Vulnerability in IoT Platform

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This is especially relevant for memory corruption […]

The post Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours appeared first on Security Intelligence.

Continue reading Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”

September’s Patch Tuesday unveiled a critical remote vulnerability in tcpip.sys, CVE-2022-34718. The advisory from Microsoft reads: “An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPsec is enabled, which could enable a remote code execution exploitation on that machine.” Pure remote vulnerabilities usually yield a lot of interest, but […]

The post Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP” appeared first on Security Intelligence.

Continue reading Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”