Vulnerability & Threat Management

20 05, 2020

Salt Vulnerabilities Exploited with Targeted Cryptomining Attack on DigiCert

By |2020-05-20T15:15:15-07:00May 20th, 2020|Vulnerability & Threat Management|

The SSL/TLS certificate distributor DigiCert recently revealed that it has fallen foul of attackers who took advantage of two Salt vulnerabilities to disrupt its exposed infrastructure with cryptocurrency miner software. For the uninitiated, Salt is a configuration management and orchestration system that is used to monitor servers and maintain their configurations; it works with a [...]

9 04, 2020

How will COVID-19 Impact Digital Transformation?

By |2020-04-09T10:06:45-07:00April 9th, 2020|Threat Intelligence, Visibility & Intelligence|

We’re all still feeling the fallout from the onset of the COVID-19 crisis: it has impacted the way we live, the way we work and will have hindered some business’ new business initiatives, including a number of large-scale digital transformation efforts. The impact of the shift which businesses have been forced to take as a [...]

7 04, 2020

The Evolution of Ransomware: What to Expect in 2020 and Beyond

By |2020-03-31T14:43:20-07:00April 7th, 2020|Attack Surface, Cybercrime, Vulnerability & Threat Management|

Keeping pace with rapid change within the cybersecurity field, the evolution of ransomware has been swift and complex since the malware’s inception. The scattergun approach to ransomware distribution that used to be popular with criminals (peaking in 2017 with the WannaCry attack) has now fallen to the wayside in favor of more targeted attacks on [...]

25 02, 2020

Why Security Needs to be the “Department of Yes”

By |2020-02-25T14:44:33-08:00February 25th, 2020|Vulnerability & Threat Management|

The cybersecurity world is more complex than ever.  Everything has gone digital, traditional security boundaries have vanished, workforces are mobile and internationally dispersed and the number of regulatory mandates that the CISO has to navigate is dizzying. Add to that the need to secure an increasing number of rapidly spun-up innovations and their reputation for [...]

24 02, 2020

Exploring the Vulnerabilities with Most Associated Malware

By |2020-02-24T09:36:49-08:00February 24th, 2020|Vulnerability & Threat Management|

The recently-released Vulnerability and Threat Trends Report 2020 shone a light on a relatively underexposed trend by revealing the top ten vulnerabilities with most associated malware. These are flaws that are each used by around 50 types of malware. The most popular, CVE-2018-8174 or ‘Double Kill’, has astonishingly attracted a total of 62 associated malware [...]

12 02, 2020

Vulnerability and Threat Trends Report 2020: Key Findings

By |2020-02-12T12:04:23-08:00February 12th, 2020|Vulnerability & Threat Management|

The latest edition of Skybox’s Vulnerability and Threat Trends report was released today. The report examines the new vulnerabilities published in 2019, newly developed exploits, new exploit–based malware and attacks, current threat tactics and more. Vulnerabilities do not exist in a vacuum and they cannot be managed in isolation. In order to know what to [...]

21 11, 2019

First BlueKeep Exploit Hits – Have Lessons Been Learned?

By |2019-11-21T14:29:45-08:00November 21st, 2019|Vulnerability & Threat Management|

A couple of weeks ago, the world woke up to the news of the first BlueKeep exploit. This exploit has been expected since May, when Microsoft took the unusual step of releasing patches for out-of-support product versions alongside a warning that, “it is possible that we won’t see this vulnerability incorporated into malware. But that’s not [...]