Vulnerability Management Archives

Response to CISA Advisory (AA23-347A): Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-347A) which assesses that cyber actors from the Russian Foreign Intelligence Service (SVR) have been observed targeting servers hosting JetBrains TeamCity software by exploiting vulnerability CVE-2023-42793 on a large scale, since September 2023.

December 21, 2023 Read More

AttackIQ

CISA and NSA’s Top 10 Control Misconfigurations? Use BAS and MITRE ATT&CK to Defend Against Them

The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) recently released their top 10 list of common cybersecurity misconfigurations. Some of these include your standard slew of don’t use default software settings, don’t make weak passwords, and don’t practice poor MFA hygiene. No surprise there for most security teams, but apparently, it’s common enough that they all made the top 10 list of things people do anyway.

December 12, 2023 Read More

Security Control Validation

Customizing AttackIQ Scenarios to Validate Text4Shell Protections

What is the correct way to validate your controls against a Text4Shell or similar library vulnerability? You need an adjustable, open systems testing platform to test the specific aspects of your implementation to accurately assess if your security controls are correctly configured to stop attacks that leverage it.

November 3, 2022 Read More

Center for Threat-Informed Defense

Prioritize and streamline vulnerability management through a threat-informed defense, with new research from the Center for Threat-Informed Defense and the MITRE ATT&CK framework as a foundation.

In today’s information age, where almost every transaction is digitized, organizations face hundreds–and in some…

October 29, 2021 Read More