When a significant vulnerability like Spring4Shell is discovered, how do you determine if you are at risk? Insurance or verification services might require you to run external tests on web properties. These reports often show spurious exposures that may or may not lead to more issues on your website. You must research false-positive reports and inform management whether the item found is acceptable risk.
I’ve seen false positives on external scans due to an open port and associating that port with a known issue even if the service is not run on that port. Whenever you have a pen test or vulnerability scan, know that you can disagree with the findings and explain to the researcher how the item in question is not making you insecure. However, these processes take time away from other security duties, and sometimes we agree with the findings and find workarounds and mitigations as that may be faster than arguing with the auditor.
To read this article in full, please click here
More Stories
Clever Social Engineering Attack Using Captchas
This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually...
US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities
In its fourth annual report, the US Cyberspace Solarium Commission highlighted the need to focus on securing critical infrastructure and...
Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable
A new report by Check Point Software highlights a significant increase in cloud security incidents, largely due to a lack...
Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions
The bank giant and Quantinuum trialed the first application of quantum-secure technology for buying and selling tokenized physical gold Read...
This Windows PowerShell Phish Has Scary Potential
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who...
Infostealers Cause Surge in Ransomware Attacks, Just One in Three Recover Data
Infostealer malware and digital identity exposure behind rise in ransomware, researchers find Read More