Today, Flashpoint releases the State of Vulnerability Intelligence: 2022 Midyear Edition, a report designed to help organizations understand and properly contextualize the vulnerability landscape. The post CVE/NVD Failed to Report and Detail 27.3% of Vulnerabilities in 2022 H1 appeared first on Flashpoint ... Read More

Today, Flashpoint releases the State of Vulnerability Intelligence: 2022 Midyear Edition, a report designed to help organizations understand and properly contextualize the vulnerability landscape. The post CVE/NVD Failed to Report and Detail 27.3% of Vulnerabilities in 2022 H1 appeared first on Flashpoint ... Read More

Yesterday, CISA and US Coast Guard Cyber Command (CGCYBER) warned that nation-state hackers are still exploiting Log4Shell (CVE-2021-44228), specifically targeting unpatched, internet-facing VMware Horizon and Unified Access Gateway servers. The post Hackers Are Still Exploiting Log4Shell Vulnerability, Warns CISA appeared first on Flashpoint ... Read More

Yesterday, CISA and US Coast Guard Cyber Command (CGCYBER) warned that nation-state hackers are still exploiting Log4Shell (CVE-2021-44228), specifically targeting unpatched, internet-facing VMware Horizon and Unified Access Gateway servers. The post Hackers Are Still Exploiting Log4Shell Vulnerability, Warns CISA appeared first on Flashpoint ... Read More

According to Microsoft, Patch Tuesday will continue in July 2022 and the foreseeable future. Unfortunately, several prominent media outlets have misinterpreted this, writing rhetorically-charged titles that have created confusion within the security community. The post Patch Tuesday Isn’t Ending. Here’s What Microsoft is Saying appeared first on Flashpoint ... Read More

According to Microsoft, Patch Tuesday will continue in July 2022 and the foreseeable future. Unfortunately, several prominent media outlets have misinterpreted this, writing rhetorically-charged titles that have created confusion within the security community. The post Patch Tuesday Isn’t Ending. Here’s What Microsoft is Saying appeared first on Flashpoint ... Read More

On June 7, the US Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) released an advisory outlining the different tactics, techniques, and procedures (TTPs), particularly common vulnerabilities and exploits (CVEs), that Chinese state-sponsored cyber-enabled actors are utilizing to attack and exploit entities ... Read More

A scalable, high-quality vulnerability management program (VMP) accounts for volatility and exploitability by first focusing on issues that affect critical assets, rather than attempting to patch top-down. The post The Practitioner’s Guide to Vulnerability Management: Implementing a Risk-Based Approach appeared first on Flashpoint ... Read More

A RCE vulnerability has forced FromSoftware to take down 'Dark Souls' servers. However, there are more issues that haven't been publicly addressed. The post What We Know About the Vulnerabilities Keeping ‘Dark Souls’ Offline appeared first on Flashpoint ... Read More

On May 4, 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added five “new” vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog. Three of the entries were originally disclosed in 2014, including the infamous Heartbleed vulnerability (CVE-2014-0160). CISA adds the Heartbleed vulnerability Before Log4Shell, there was Heartbleed, a third-party library ... Read More