Vulnerability Management: So Much More Than Just Patch Management

The other day I happened upon an article titled: “Vulnerability Management: Why the Problem Can’t Be Solved“, which made me curious for all the wrong reasons. As you can imagine, I strongly disagree with the premise that vulnerability management is a problem that cannot be solved. Having worked in the vulnerability intelligence field for more […]

CVSSv3: New System, New Problems (File-based Attacks)

This is the second blog post in our series discussing CVSSv3. As shared in the first post, we have been in the process of thoroughly evaluating CVSSv3 to better understand the improvements and limitations compared to CVSSv2 for quite some time. For those curious about our thoughts on CVSSv2, we recommend our “The CVSSv2 Shortcomings, Faults, and Failures […]

Please Email Us Your PII

No, we are not asking you to email us your PII (Personally Identifiable Information), but we are seeing other companies asking customers to do so more and more often when it comes to e.g. making online purchases, and it is a worrying trend. We ourselves have experienced suspect requests like this a few times. A […]

When The World Sleeps…

Last week, the Centre for Cyber Security under Danish Military Intelligence published a report titled (translated from Danish): “When Denmark Sleeps – hostile buildup on unsafe servers”. The report details attacks against at least six Danish private companies and public institutions, exploiting unsafely configured and unpatched JBoss servers. While the report discusses cases in Denmark, […]