XM Cyber Advisory – OpenSSL Critical Vulnerability
Overview According to the OpenSSL team, on November 1st, 2022, a new version, number 3.0.7 will be released (https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html). It’s interesting to note that…
Continuous Controls Monitoring: Automatically Identifying Gaps in Security Controls
Today, we are going to talk about something that might not score too high on anyone’s “Oh wow, I’ve been wondering about that” list….
Why Attack Surface Management is Essential for Cybersecurity
If you want to defend yourself, you need to know everywhere that you’re vulnerable. Then, you need to start eliminating those weaknesses. That’s the…
What Is the Difference Between Vulnerability Assessment and Vulnerability Management?
If you have an extremely valuable asset, you need a smart strategy to protect it. Unfortunately, many organizations are operating without one. That lack…
What Are the Different Types of Vulnerability Assessment?
How do we best protect what’s most valuable to us? That’s a question that we all wrestle with. For today’s enterprises, few things are…
4 Top Methods Attackers Use to Move Across Your Hybrid Networks and Compromise Business-critical Assets
Cybersecurity is a cat-and-mouse game, and it’s important for defenders to be able to anticipate the likely methods attackers will use to compromise their…
What Is Proactive Cyber Defense?
Cybercrime is obstructing business and governments worldwide. No longer just an IT problem, it is the biggest threat to organizations’ reputation and business continuity….
CISOs and Their Boards are Failing to Communicate — with Disastrous Results for Enterprise Security
Why changing your reporting approach is the key to connecting with your board and protecting your most critical assets. Today’s CISOs understand that cyber-risk…
How to Combat Advanced Persistent Threats
Imagine the following Security Operations (SecOps) scenario. A large organization conducts regular audits of its security controls. It monitors a collection of intrusion detection…
Chaining together Active Directory attack techniques to give your organization the edge against attackers
Debuting at RSA 2022 we will show the industry how we can link the use of Active Directory (AD) into the entire attack path,…
Decrypting VMware Workstation Passwords for Fun
Overview At XM Cyber, we have been hard at work on the techniques that attackers use against your VMware environments. What you’re about to…
Our security is only as strong as our ability to manage it: The necessity of Attack Path Management for the Hybrid Cloud
Now it’s no secret businesses have ramped up and driven the adoption of the cloud faster than any period previously. One of the key…
Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.