Vulnerability Archive
patch management

Have you patched your holes? 6 Simple Things for Patch Management

A vulnerability is a hole or a weakness in an application. It can be a design flaw or a bug. Attackers exploit vulnerabilities to harm the application owner, application users, and other entities that rely on the application. Patch management is the process of applying software updates to eliminate vulnerabilities or mitigate cyber risk caused by […]
patch management

What is Patch Management?

What is Patch Management? Patch management is a strategy for systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system. This intervention enables systems to stay updated on existing patches, and also helps IT teams determine which patches are the appropriate ones. As a part of change management, […]
Malicious JavaScripts

Malicious JavaScripts: How Can You Get Hacked?

Malicious JavaScripts: How Can You Get Hacked? Detecting vulnerabilities and leaks is of the essence in hacking. That’s why maintaining cyber security is crucial for individuals and corporations. In 2017, even a big firm like Yahoo was hacked by a simple phishing e-mail. Equifax, one of the largest credit bureaus, was hacked through […]
Malicious Javascript hack Code

How Companies Are Hacked via Malicious Javascript Hack Code?

Malicious JavaScript Hack Code; JavaScript is dangerous. Maybe you’ve heard this sentence several times before. Actually, whether it is dangerous depends on the circumstances. JavaScript can be dangerous if the proper precautions aren’t taken. It can be used to view or steal personal data even if you don’t realize what’s going on. And since […]
Domain Shadowing

Domain Shadowing

What is Domain Shadowing? The concept of domain shadowing first appeared in 2011, and a domain shadowing attack is defined as attackers creating new subdomains to intervene in traffic flow. Domain shadowing is the process of creating subdomains using domain owners' credentials. Subdomains are created for legitimate domains. For cyber criminals, domain […]
cms vulnerability

How Companies are Hacked via Basic CMS Vulnerabilities

CMS Vulnerabilities; What is CMS? A CMS (Content Management System) is a computer application that supports the creation and modification of digital content [1]. Basically, we use it for website management and preparation. Over time, many organizations have developed their own custom CMS software. As such software became more common, in 1995, CNET developed the idea […]
cms vulnerability

Smart Solution, Smart Aggregation

Smart Solution, Smart Aggregation; Think of the vast number of patch-related vulnerabilities you get after an automatic scan, for example an insecure Apache httpd version. Frequently, these issues can be grouped since they are related to Apache httpd, and instead of using different names one can show all these vulnerabilities under a single name. This […]
Ecosystem Cyber Risk Manager

Passive Vulnerability Scan & Early Notice for Non Remotely Scannables

Passive Vulnerability Scan; Vulnerabilities such as MS15-034 are a big deal for information security specialists who have to keep up with critical security patches in high-pressure business environments. On the one hand, they know that the cat is out of the bag and they have to find their vulnerable servers; on the other hand […]

Steep Increase in Discovered Vulnerabilities in 2014

Vulnerabilities in 2014; According to Secunia, a total of 15,435 vulnerabilities were discovered in 3,870 products during 2014. This is a 55% increase compared to the trend in discovered vulnerabilities over the previous 5 years. Another important piece of information is that 60% of those 15,435 vulnerabilities are triggered remotely. Yet another proof that […]
Rapid Cyber Risk Scorecard

Express Yourself by Comparing Vulnerabilities

Express Yourself by Comparing Vulnerabilities; Penetration tests result in reports; that’s the usual output. But when there is more than one penetration test, it is not that common to have a report comparing the vulnerabilities found before and after. In NormShield you can easily produce comparison reports for exactly this purpose in seconds. The idea is to see newly found vulnerabilities […]