-
NopSec Announces Release of New Cyber Threat Exposure Platform
We are excited to announce the release of a new and improved NopSec platform – NopSec Cyber Threat Exposure Management….
-
2023 Forrester VRM Wave: NopSec Rated as a Strong Performer
We are pleased to announce that after a thorough evaluation process, NopSec has been rated as a Strong Performer in…
-
Three Major Signs You Need a Cyber Threat Exposure Management Tool
Cyber threat exposure management (CTEM) tools are a new technology replacing traditional vulnerability prioritization tools (VPT). They were created to…
-
NopSec Retains SOC 2 Type II Status for Second Straight Year
NopSec is proud to announce it has successfully completed the System and Organization Controls (SOC) 2 Type II examination in…
-
How to ROI a Cyber Threat Exposure Management Tool with Excel Instructions
When evaluating any software solution for purchase, ROI is one of the most crucial parts of that evaluation. Without communicating…
-
Feature Update: Vulnerability Query Builders
NopSec is proud to announce the release of a new feature this week aimed at enhancing our users’ workflows! We…
-
How Much Does a Vulnerability Prioritization Tool (VPT) Cost
So, you’re looking to take your vulnerability management game to the next level with a vulnerability prioritization tool (VPT). Well,…
-
What’s the Difference Between Vulnerability Assessment Scanners and Vulnerability Prioritization Tools
Under the umbrella of risk-based vulnerability management (RBVM) live a host of tools whose applications correspond to various stages of…
-
How to Identify Cybersecurity Attack Paths from the Attacker’s Perspective
When it comes to cybersecurity, there are two points of view to always consider – the external and the internal….
-
Buyer’s Guide for Evaluating Cyber Threat Exposure Management (CTEM) Tools
The Problem with Vulnerability Assessment Scanners If you’re reading this post, chances are you’re looking to take the next step…
-
Feature Update: NopSec Risk Scoring Algorithm Improvements
Risk Score Update Key Takeaways NopSec is announcing the first in a series of updates to our Risk Scoring Machine…
-
Vulnerability Management FAQ
What is the Vulnerability Management lifecycle? Vulnerability management lifecycle — Discovery, Detection, Prioritization, Remediation, Validation and Program Intelligence. What is an asset? …
-
NopSec Drives the Vulnerability Management Standards with Latest Release of Program Intelligence Module
NopSec’s Vulnerability Risk Management Platform Enables Organizations to Better Manage Business Risk. New York, NY – NopSec, Inc., a leader in…
-
NopSec – CrowdStrike Joint Solution Brief
NopSec and CrowdStrike are pleased to announce that the two companies have entered into a global technology partnership, integrating NopSec’s leading enterprise Vulnerability…
-
Webinar – Analysis of Verizon 2020 DBIR Report: Vulnerability Management Implications
Analysis of Verizon 2020 DBIR Report: Vulnerability Management Implications Webinar presented by Michelangelo Sidagni. THIS WEBINAR COVERED… • Asset management…
-
International Women’s Day 2020 – NopSec & Mastercard Partnership
In celebration of International Women’s Day 2020, NopSec and Mastercard partner to commemorate women in tech, diversity and product leadership…
-
NopSec Attended Fal.Con Unite 2019 Event
NopSec, a leader in vulnerability and cyber threat management, attended Fal.Con UNITE 2019, CrowdStrike Cybersecurity Conference. We have gathered on…
-
Trending CVEs for the Week of October 21st, 2019
Still CVE-2019-14287 – Linux Sudo Vulnerability Linux Sudo Vulnerability, tracked as CVE-2019-14287, has been a nightmare for IT & cyber-security…
-
Trending CVEs for the Week of October 14th, 2019
CVE-2019-14287 – Linux Sudo Vulnerability Description A flaw was found in the way sudo implemented running commands with arbitrary user…
-
Trending CVEs for the Week of October 7th, 2019
CVE-2019-1367 – MICROSOFT ZERO-DAY VULNERABILITY – OUT-OF-BAND PATCH, Again Microsoft zero-day vulnerability is still trending on social media and we…
-
Trending CVEs for the Week of September 30th, 2019
CVE-2019-16759 – vBulletin Remote Code Execution Description vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in…
-
Trending CVEs for the Week of September 23rd, 2019
CVE-2019-1367 – Microsoft Zero-Day Vulnerability – Out-of-band Patch Description A remote code execution vulnerability exists in the way that the…
-
Trending CVEs for the Week of September 16th, 2019
CVE-2019-0708 – BLUEKEEP Exploit Has Been Released The BlueKeep vulnerability, tracked as CVE-2019-0708, has been a nightmare for IT &…
-
Trending CVEs for the Week of September 2nd, 2019
Still CVE-2019-11510 – Pulse Secure VPN CVE-2019-11510 has been a nightmare for IT & cyber-security teams for the past 2…
-
Asset Value
Security risk professionals need to assess asset values to add business context to vulnerability management prioritization. NopSec understands that it…
-
Trending CVEs for the Week of August 26th, 2019
CVE-2019-11510 – Pulse Secure VPN Description In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before…
-
Trending CVEs for the Week of August 19th, 2019
CVE-2019-1181 – Wormable Windows Remote Desktop Flaw Description A remote code execution vulnerability exists in Remote Desktop Services – formerly…
-
Trending CVEs for the Week of August 12th, 2019
CVE-2019-1125 – SWAPGS Vulnerability Description An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An…
-
Unified VRM Role-Based Access Control (RBAC)
NopSec offers role-based access control (RBAC) that gives you flexibility to determine the level of permissions and access scope that…
-
Unified VRM Role Permissions
In Unified VRM, permissions can be set for each user based on their role and their access. Roles can be…
-
Trending CVEs for the Week of August 5th, 2019
CVE-2019-13272 – Linux Kernel Privilege Escalation Vulnerability Alert Description In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the…
-
Risk Management Platform: Unified VRM Vulnerability Export API
NopSec’s Threat and Vulnerability Risk Management platform, Unified VRM, exposes a REST API with Unified VRM Vulnerability Export API. It…
-
Unified VRM Fuser
NopSec bidirectionally syncs a single source of truth to organizations’ IT ecosystems Organizations often have several tools as a part…
-
Trending CVEs for the Week of July 29th, 2019
CVE-2019-2107 – Android devices could be hacked by playing a video Description This vulnerability could lead to remote code execution…
-
Trending CVEs for the Week of July 22nd, 2019
CVE-2019-6342 – Drupal Core Access Bypass Vulnerability Description According to its self-reported version, in Drupal 8.7.4, when the experimental Workspaces…
-
Trending CVEs for the Week of July 15th, 2019
CVE-2019-1132 – Win32k Elevation of Privilege Vulnerability Description An elevation of privilege vulnerability exists in Windows when the Win32k component…
-
Trending CVEs for the Week of July 8th, 2019
CVE-2017-11774 – Microsoft Outlook Security Feature Bypass Vulnerability Description A security feature bypass vulnerability exists when Microsoft Outlook improperly handles…
-
Trending CVEs for the Week of July 1st, 2019
Again, CVE-2019-0708 – BlueKeep – Wormable RDP Vulnerability The BlueKeep vulnerability, tracked as CVE-2019-0708, has been a nightmare for IT…
-
Trending CVEs for the Week of June 17th, 2019
CVE-2019-11477 – SACK Panic Remote Command Execution Flaw in Exim is still trending on social media and we extensively covered…
-
Trending CVEs for the Week of June 10th, 2019
CVE-2019-10149 – Remote Command Execution Flaw in Exim The BlueKeep vulnerability is still the number one trending vulnerability on social…
-
Trending CVEs for the Week of June 3rd, 2019
CVE-2018-15664 – Docker Vulnerability The BlueKeep vulnerability is still trending on social media and we extensively covered CVE-2019-0708 in May…
-
Trending CVEs for the Week of May 27th, 2019
Still CVE-2019-0708 – BlueKeep – Wormable RDP Vulnerability The BlueKeep vulnerability, tracked as CVE-2019-0708, has been a nightmare for IT…
-
Trending CVEs for the Week of May 20th, 2019
CVE-2019-0708 – BlueKeep – Wormable RDP Vulnerability NopSec advises you to apply patches immediately. Description CVE-2019-0708 is a critical remote…
-
Trending CVEs for the Week of May 13th, 2019
CVE-2019-0604 – Microsoft SharePoint Remote Code Execution Vulnerability Description A remote code execution vulnerability exists in Microsoft SharePoint when the…
-
Trending CVEs for the Week of May 6th, 2019
CVE-2019-3396 – Widget Connector Macro in Atlassian Confluence Server Last week, we covered CVE-2019-2725 which was a vulnerability in the…
-
Trending CVEs for the Week of April 29th, 2019
CVE-2019-2725 – Oracle WebLogic Server Zero-Day Vulnerability Description CVE-2019-2725 is a vulnerability in the Oracle WebLogic Server component of Oracle…
-
Trending CVEs for the Week of April 22nd, 2019
CVE-2019-0859 – Yet Another Windows Zero-Day Vulnerability Last week, we covered an elevation of privilege vulnerability in Win32k component of…
-
Trending CVEs for the Week of April 15th, 2019
CVE-2019-0859 – Yet Another Windows Zero-Day Vulnerability Description This week’s trending vulnerability may sound eerily familiar. CVE-2019-0859 is an elevation…
-
NopSec Accelerates Enterprise Growth And Appoints Three Industry Veterans To The Board Of Advisors
NopSec Inc, a leader in vulnerability prioritization, remediation workflow automation and breach prediction announces the appointments of three new Board…
-
Pen Testing Toolkit: Tools & Antivirus Software Evasion Techniques
Antivirus software is one of the oldest and most ever-present security controls against malware and various types of…
-
CIS 20 Controls: Utilizing CIS 20 Critical Controls for Vulnerability Prioritization
CIS 20 Security Controls represent one of the reference frameworks of the most critical controls an organization can implement to…
-
Knowledge (Data) is Power in Vulnerability Management
Data is power virtually everywhere, and it’s all about how you utilize that information. In business, you can use data…
-
Key Milestone Dates: NYDFS Cybersecurity Regulations
If you’re in the financial industry (or working as a provider with such organizations), you most likely have already heard…
-
Improving Business Outcomes With VRM
Time and again, we hear from information security leaders who have invested in vulnerability risk management (VRM) technology and are…
-
What Matters Most: Remediating Vulnerabilities
Scanning is an important part of a well-established vulnerability risk management program. Vulnerability scanners allow you to identify the threats…
-
Unified VRM 4.0: Usability for SecOps
Since product launch (2012), Unified VRM has been rapidly expanding with new features and advanced automation solutions for security professionals….
-
Vulnerability Management Myths
Automation Strikes Back! There are tons of technologies out there that are trying to “AUTOMATE” every aspect of human life….
-
Docker-based OpenVAS Scanning Cluster to Improve Scope Scalability
OpenVAS (Open Vulnerability Assessment Scanner) – is an open source security vulnerability scanner and manager. It is an open source…
-
Vagrant Boxes: Private Vagrant Box Hosting With Easy Versioning
At NopSec, we are using vagrant and packer to spin up local dev environments and build our instances across the various hypervisor and cloud…
-
Successful Account Penetration: The Key to a Successful Penetration Test
With the time, effort and resources that companies dedicate to penetration testing, it can be frustrating (at best) to not…
-
Vulnerability Remediation Process & Management: Why is Remediation so Difficult?
Note: This article was updated in June 2022. Risk Based Vulnerability management is the ongoing practice of detecting, classifying, prioritizing,…
-
How Attackers Choose Which Vulnerabilities To Exploit
I loved the opening paragraph in a recent article titled, “How Attackers Choose Which Vulnerabilities To Exploit” by Michael Cobb,…