Month: August 2018

Everyone in the technology industry processing credit card data is familiar with PCI DSS and the associated process to get attested on a quarterly basis from a QSA ( Qualified Security Assessor ). In addition to the quarterly attestation , organizations also have to go through audits both internal and external audits to maintain PCI […]

Upgrade to Apache Struts version 2.3.35 or 2.5.17 ASAP ! If you use Apache Struts ( remember Equifax ? ) please upgrade to the versions mentioned above. As always NVD is lagging behind on details so dont depend on your scanning solutions to detect this in your environment just yet, CVE-2018-11776

The National Vulnerability Database (NVD) is considered to be the single source of truth for all software / hardware vulnerabilities that are in the public domain. However a few things get overlooked which makes it far less desirable to be relied upon when it comes to designing your vulnerability management program. Lets look at them. […]

                    With organizations moving towards higher levels of digitalization, the role of software has increased multifold. This has led to increased numbers of data breaches and the average size [1] of data breach has increased 1.8 in 2017. A breach is defined as an event in […]

One of the previous blogs on this topic provided an overview about vulnerability management for cloud environments using ThreatWatch. As the blog mentioned , there are two essential aspects to be able to meet that objective. Getting alerted when a cloud provider makes new patches available. Adopting a risk based approach towards applying patches and […]