February 22, 2023
No one can deny that we are suffering from an overflow of vulnerabilities that is overwhelming and intensifying every year.
The Common Vulnerability Scoring System (CVSS) was all we had to work with so far. This “one size fits all” severity ranking for vulnerabilities may help prioritize remediation action. However, without the context of the vulnerability location, exploitability and compensating controls, we are left with a crippled score leading to substantial remediation cycles of wasted items that don’t need fixing, and we’re missing out on those who really do.
The good news is that attack-based scoring is here to lead us on a new path – The Pentera Score.
<Previous
The Ransomware Tangle
Ransomware is likely, unless we do five things about it. Countdown style: #5. Keep your software up to date #4. Use a solid backup strategy (3-2-1), backup your data regularly #3. Be cautious of suspicious emails and links, scan aggressively incoming emails for the purpose to strip any executable content #2. Follow the rules of […]
Next>
Cyber Heaven & Hell
You’re all secure and ready. Then a new zero-day vulnerability is found in your IT infrastructure. Most recently it was OpenSSL 3.0 (CVE-2022-3602 – Remote Code Execution and CVE-2022-3786 – Denial of Service). It’s not the first time, nor will it be the last. The good news is that there is a way to be […]