Today, VulnCheck released new research revealing that 99% of ProjectSend instances are still vulnerable to a critical vulnerability that has been publicly known for over a year.
The vulnerability, which allows attackers to exploit public-facing instances of ProjectSend, was first discovered over 12 months ago. Despite a patch being available for some time, the CVE was only published today by VulnCheck. Even more concerning, public exploits have been circulating for months, including Nuclei templates and a weaponized Metasploit module.
Key Takeaways:
- Public-facing ProjectSend instances appear to have been exploited by attackers
- 99% of ProjectSend instances remain vulnerable and have not upgraded to the patched version released in August.
- Public exploits have pre-dated CVE assignment by months, including Nuclei templates and a weaponized Metasploit module.
Read the full report to learn more about how attackers are exploiting this vulnerability: https://lnkd.in/ePAdRQVw #InfoSec #VulnerabilityManagement #CVE
About us
VulnCheck helps organizations outpace adversaries with vulnerability intelligence that predicts avenues of attack with speed and accuracy. The VulnCheck team comprises a who's who of cybersecurity research, with decades of experience uncovering 100s of 0days and 10+ patents. VulnCheck's vulnerability and exploit intelligence equips defenders with the insights they need to focus resources on the vulnerabilities that matter most. That's why VulnCheck has been selected to power government agencies, large enterprises, and the industry's most innovative cybersecurity solutions, covering billions of assets around the world. See what you're missing at www.vulncheck.com.
- Website
- https://vulncheck.com
- Industry
- Computer and Network Security
- Company size
- 11-50 employees
- Headquarters
- Lexington, MA
- Type
- Privately Held
- Founded
- 2021
- Specialties
- vulnerability management, threat intelligence, and vulnerability intelligence
Locations
-
Primary
US, MA, Lexington, 02420
Employees at VulnCheck
-
Ken Elefant
Partner and Co-Founder at Sorenson Ventures
-
Andrew Peterson
-
Patrick Garrity
Cybersecurity/Vulnerability Researcher
-
Thomas Bain
Chief Marketing Officer, VulnCheck. Experienced B2B Marketing Leader in Cybersecurity. Investor and advisor to early-stage, B2B cyber/AI startup's…
Updates
-
VulnCheck’s Patrick Garrity breaks down the recent Five Eyes Top Routinely Exploited Vulnerabilities list for Information Security Media Group (ISMG). He covers nation-state threat actor activity and why some of these vulnerabilities are “explicitly malicious.” Get the full story: https://lnkd.in/gDBym9RM
-
VulnCheck Initial Access Intelligence (IAI) equips security teams with detection artifacts to defend against initial access vulnerabilities that are either already or likely to be exploited soon. Last month, we crossed 300+ CVEs that have IAI artifacts, developing artifacts for 21 CVEs, covering 16 different vendors and products. Eleven of the 21 have confirmed exploitation activity as of November 10 – see which ones: https://lnkd.in/ej3DfZ8Y
-
Mark your calendars! On December 4, join VulnCheck's Patrick Garrity for a joint webinar with Carahsoft, "Exploited Vulnerabilities, the Threat Actors Targeting Them, and the Time to Exploration."
Key takeaways will include:
- The most commonly exploited vulnerabilities and the technologies impacted.
- An overview of active threat actors and the vulnerabilities they are targeting.
- The timelines of exploitation and how quickly attackers strike after a vulnerability is disclosed.
- Practical steps for vulnerability prioritization and threat response based on exploitation trends.
- How to leverage vulnerability intelligence to stay ahead of emerging threats.
Register now: https://hubs.ly/Q02VcnJN0 #ExploitIntelligence #VulnerabilityManagement #ThreatIntelligence
-
ICYM: Check out this on-demand session to see how VulnCheck and Sevco Security enable you to prioritize vulnerabilities based on current exploitation trends, the actual threat posed, and the risk to your business: https://bit.ly/3CLPg4g
-
"It's not all numbers and dashboards—sometimes, success boils down to building trust and a team that clicks." VulnCheck CMO Thomas Bain joined the N2K | CyberWire Cyber CMO Confidential podcast to talk about leadership, culture, and navigating rapid growth at a cybersecurity startup. Give it a listen: https://lnkd.in/eiRHuSB8
-
VulnCheck reposted this
The team at VulnCheck did a four week case study on the speed our free community NVD++ offering publishes new CPE. Over the study, NVD++ contained significantly more CPE, significantly faster than NVD. Read more here: https://lnkd.in/eVTrj8AX Due to the nature of the beast, no CPE generation will ever be perfect, but I'm really happy to see how our offering has continued to mature. We owe a lot of thanks to the many people that have adopted NVD++ and provided VulnCheck valuable feedback.
Outpacing NIST NVD with VulnCheck NVD++
vulncheck.com
-
TODAY! At 1:00 pm ET, join VulnCheck and Cyware to learn how security teams can achieve a new level of intelligence to identify and prioritize emerging threats at scale. Make sure to reserve your spot and register now: https://hubs.ly/Q02VbRlq0 #ExploitIntelligence #VulnerabilityManagement #ThreatIntelligence
Mining the Gaps for Emerging Threats
brighttalk.com
-
THURSDAY: Don't miss our joint webinar with Cyware, where industry experts will share how security teams can identify gaps in emerging threats and get mission-critical insights to remediate the vulnerabilities that matter most. Reserve your spot and register now: https://hubs.ly/Q02VbRlq0 #ExploitIntelligence #VulnerabilityManagement #ThreatIntelligence
-
Block your calendars! On November 14 at 1:00 pm ET, join VulnCheck and Cyware for our joint webinar, "Mining the Gaps for Emerging Threats." Register now to learn how security teams can achieve a new level of intelligence to identify and prioritize threats at scale. Click the link below for more: https://hubs.ly/Q02VbRlq0 #ExploitIntelligence #VulnerabilityManagement #ThreatIntelligence