Michael Tucker

We are excited to announce the release of a new and improved NopSec platform – NopSec Cyber Threat Exposure Management….

We are pleased to announce that after a thorough evaluation process, NopSec has been rated as a Strong Performer in…

Cyber threat exposure management (CTEM) tools are a new technology replacing traditional vulnerability prioritization tools (VPT). They were created to…

NopSec is proud to announce it has successfully completed the System and Organization Controls (SOC) 2 Type II examination in…

When evaluating any software solution for purchase, ROI is one of the most crucial parts of that evaluation. Without communicating…

NopSec is proud to announce the release of a new feature this week aimed at enhancing our users’ workflows! We…

So, you’re looking to take your vulnerability management game to the next level with a vulnerability prioritization tool (VPT). Well,…

Under the umbrella of risked-based vulnerability management (RBVM) live a host of tools who’s applications correspond to various stages of…

When it comes to cybersecurity, there are two points of view to always consider – the external and the internal….

The Problem with Vulnerability Assessment Scanners If you’re reading this post, chances are you’re looking to take the next step…

Risk Score Update Key Takeaways NopSec is announcing the first in a series of updates to our Risk Scoring Machine…

What is Vulnerability Management lifecycle? Vulnerability management lifecycle —Discovery, Detection, Prioritization, Remediation, Validation and Program Intelligence. What is an asset? …

NopSec’s Vulnerability Risk Management Platform Enables Organizations to Better Manage Business Risk. New York, NY – NopSec,Inc., a leader in…

NopSec and CrowdStrike are pleased to announce that the two companies have entered into a global technology partnership, integrating NopSec’s leading enterprise Vulnerability…

Analysis of Verizon 2020 DBIR Report: Vulnerability Management Implications Webinar presented by Michelangelo Sidagni. THIS WEBINAR COVERED… • Asset management…

In celebration of  International Women’s Day 2020, NopSec and Mastercard partner to commemorate women in tech, diversity and product leadership…

NopSec, a leader in vulnerability and cyber threat management, attended Fal.Con UNITE 2019, CrowdStrike Cybersecurity Conference. We have gathered on…

Still CVE-2019-14287 – Linux Sodo Vulnerability Linux Sodo Vulnerability, tracked as CVE-2019-14287, has been a nightmare for IT & cyber-security…

CVE-2019-14287 – Linux Sodo Vulnerability Description A flaw was found in the way sudo implemented running commands with arbitrary user…

CVE-2019-1367 – MICROSOFT ZERO-DAY VULNERABILITY – OUT-OF-BAND PATCH, Again Microsoft zero-day vulnerability is still trending on social media and we…

CVE-2019-16759 – vBulletin Remote Code Execution Description vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in…

CVE-2019-1367 – Microsoft Zero-Day Vulnerability – Out-of-band Patch Description A remote code execution vulnerability exists in the way that the…

CVE-2019-0708 – BLUEKEEP Exploit Has Been Released The BlueKeep vulnerability, tracked as CVE-2019-0708, has been a nightmare for IT &…

Still CVE-2019-11510 – Pulse Secure VPN CVE-2019-11510 has been a nightmare for IT & cyber-security teams for the past 2…

Security risk professionals need to assess asset values to add business context to vulnerability management prioritization. NopSec understands that it…

CVE-2019-11510 – Pulse Secure VPN Description  In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before…

CVE-2019-1181 – Wormable Windows Remote Desktop Flaw  Description  A remote code execution vulnerability exists in Remote Desktop Services – formerly…

CVE-2019-1125 – SWAPGS Vulnerability Description  An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An…

NopSec offers role-based access control (RBAC) that give you flexibility to determine the level of permissions and access scope that…

In Unified VRM, permissions can be set for each user based on their role and their access. Roles can be…

CVE-2019-13272 – Linux Kernel Privilege Escalation Vulnerability Alert Description  In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the…

NopSec’s Threat and Vulnerability Risk Management platform, Unified VRM, exposes a REST API with Unified VRM Vulnerability Export API. It…

NopSec bidirectionally syncs a single source of truth to organizations’ IT ecosystems Organizations often have several tools as a part…

CVE-2019-2107 – Android devices could be hacked by playing a video Description  This vulnerability could lead to remote code execution…

CVE-2019-6342 – Drupal Core Access Bypass Vulnerability Description  According to its self-reported version, in Drupal 8.7.4, when the experimental Workspaces…

CVE-2019-1132 – Win32k Elevation of Privilege Vulnerability Description  An elevation of privilege vulnerability exists in Windows when the Win32k component…

CVE-2017-11774 – Microsoft Outlook Security Feature Bypass Vulnerability Description  A security feature bypass vulnerability exists when Microsoft Outlook improperly handles…

Again, CVE-2019-0708 – BlueKeep – Wormable RDP Vulnerability The BlueKeep vulnerability, tracked as CVE-2019-0708, has been a nightmare for IT…

CVE-2019-11477 – SACK Panic Remote Command Execution Flaw in Exim is still trending on social media and we extensively covered…

CVE-2019-10149 – Remote Command Execution Flaw in Exim The BlueKeep vulnerability is still the number one trending vulnerability on social…

CVE-2018-15664 – Docker Vulnerability The BlueKeep vulnerability is still trending on social media and we extensively covered CVE-2019-0708 in May…

Still CVE-2019-0708 – BlueKeep – Wormable RDP Vulnerability The BlueKeep vulnerability, tracked as CVE-2019-0708, has been a nightmare for IT…

CVE-2019-0708 – BlueKeep – Wormable RDP Vulnerability NopSec advises you to apply patches immediately. Description CVE-2019-0708 is a critical remote…

CVE-2019-0604 – Microsoft SharePoint Remote Code Execution Vulnerability Description A remote code execution vulnerability exists in Microsoft SharePoint when the…

CVE-2019-3396 – Widget Connector Macro in Atlassian Confluence Server Last week, we covered CVE-2019-2725 which was a vulnerability in the…

CVE-2019-2725 – Oracle WebLogic Server Zero-Day Vulnerability Description CVE-2019-2725 is a vulnerability in the Oracle WebLogic Server component of Oracle…

CVE-2019-0859 – Yet Another Windows Zero-Day Vulnerability Last week, we covered an elevation of privilege vulnerability in Win32k component of…

CVE-2019-0859 – Yet Another Windows Zero-Day Vulnerability Description This week’s trending vulnerability may sound eerily familiar. CVE-2019-0859 is an elevation…

NopSec Inc, a leader in vulnerability prioritization, remediation workflow automation and breach prediction announces the appointments of three new Board…

Antivirus software is one of the oldest and the most ever present security control against malware and various types of…

CIS 20 Security Controls represent one of the reference frameworks of the most critical controls an organization can implement to…

Data is power virtually everywhere, and it’s all about how you utilize that information. In business, you can use data…

If you’re in the financial industry (or working as a provider with such organizations), you most likely have already heard…

Time and again, we hear from information security leaders who have invested in vulnerability risk management (VRM) technology and are…

Scanning is an important part of a well-established vulnerability risk management program. Vulnerability scanners allow you to identify the threats…

Since product launch (2012), Unified VRM has been rapidly expanding with new features and advanced automation solutions for security professionals….

Automation Strikes Back! There are tons of technologies out there that are trying to “AUTOMATE” every aspect of human life….

OpenVAS (Open Vulnerability Assessment Scanner) – is an open source security vulnerability scanner and manager. It is an open source…

At NopSec, we are using vagrant and packer to spin up local dev environments and build our instances across the various hypervisor and cloud…

With the time, effort and resources that companies dedicate to penetration testing, it can be frustrating (at best) to not…

Note: This article was updated in June 2022. Risk Based Vulnerability management is the ongoing practice of detecting, classifying, prioritizing,…

I loved the opening paragraph in a recent article titled, “How Attackers Choose Which Vulnerabilities To Exploit” by Michael Cobb,…