Some of the world’s leading cybersecurity authorities banded together to co-author the Joint Cybersecurity Advisory: 2021 Top Routinely Exploited Vulnerabilities, where they provided details on CVE vulnerabilities that have been routinely exploited by malicious actors last year. The post CISA’s Joint Cybersecurity Advisory: Protecting Your Organization From Vulnerabilities – and ... Read More

According to Risk Based Security, a Flashpoint company, 1,701 new vulnerabilities were disclosed last month, with 22 percent (382) of them missed by CVE/NVD. Here are some things you should know about the full vulnerability picture. Apple zero-days are still at large Among the vulnerabilities missed by MITRE and NIST ... Read More

If your risk models are missing nearly one-third of all known vulnerabilities, are they effective? The Common Vulnerabilities and Exposures (CVE) database has become the unofficial “official” source for disclosed vulnerabilities. Nearly every organization’s vulnerability management framework relies on it in one form or another, and whenever vulnerabilities are communicated, ... Read More

Flashpoint and Risk Based Security have analyzed a new remote code execution (RCE) vulnerability looming in the background, dubbed “SpringShell,” which could affect a wide variety of software. In some circles, SpringShell is being hyped and rumored to be as impactful as Log4Shell. But we are still collecting facts and ... Read More

On Monday March 21, the Biden Administration released several statements stressing the importance of cybersecurity, warning the private sector of potential malicious cyber activity from Russia. Biden implored companies to “harden your cyber defenses immediately” and explicitly named CISA’s Shields Up campaign as the best way to do so. This ... Read More