Operations | Monitoring | ITSM | DevOps | Cloud

Patrick DeVivo is a software engineer and founder of MergeStat, an open source project that makes it possible to query the contents, history, and metadata of source code with SQL. The security posture of software supply chains has been a significant topic lately. Recent high-profile breaches have shown the importance of managing risks from third party code. Take, for example, the Log4Shell vulnerability (tracked as CVE-2021-44228 — Grafana Labs was not affected).

In this article, we explore the features and capabilities of the top five vulnerability scanning tools so that you can consider all the key factors before selecting one.

Two new zero-day exploits that affect the Chromium browser core were reported on April 14th. And since both Chrome and Microsoft Edge are based on it, Google advised to update the browsers. The vulnerabilities CVE-2023-2033 and CVE-2023-2136 can lead to remote code execution and have already been fixed. But that doesn't mean that's the end of the problem.

As the digital world becomes more interconnected, cyber threats evolve and become more sophisticated, putting businesses and individuals at risk. On February 14, 2023, Microsoft announced a critical vulnerability in the Windows Common Log File System (CLFS) driver, known as CVE-2023-23376. This vulnerability allows attackers to elevate privileges and gain unauthorized access to sensitive data, potentially resulting in severe consequences for affected systems.

As you likely be all too aware, there is a Microsoft Outlook zero-day vulnerability listed under CVE-2023-23397. With the increased attacks on Outlook this month, Microsoft has pushed out fixes for about 80 Windows flaws. More information on some of those patches can be found in my colleague Lewis Pope’s March 2023 Patch Tuesday blog. Lewis was also kind enough to send over the remediation script for both N-able N-central and N-able N-sight.

Coding is a big part of building an application. But, most of the time, you don’t write the entire code. Yes, you don't! Some people, usually big companies, provide pre-written codes for certain standard functions - like loggers, APIs, etc. This is because these functions work the same way in most applications; they require only simple fine-tuning to be adapted for your program as well. In such a case, writing it all from scratch would be a waste. And that is why developers use libraries.

As we move into the new year, organizations can expect the number of cyberattacks to increase significantly. In order to battle these upcoming threats, effective patching and patch management processes will be essential. Before patching vulnerabilities, there are two main vulnerability assessments that IT teams should focus on: CVE & CVSS scores. Below, we’ll examine the importance of CVE & CVSS scores along with some of their uses and benefits in the cybersecurity space.

Vulnerability management should be among the highest priorities of organizations, especially within their IT environments. Skybox Security reports, “vulnerabilities have more than tripled over the past ten years.” With this exponential increase, they also report that cybercrime has continuously evolved and become a more complex threat. Vulnerability management aims to assert a level of control over this ever-present issue in the IT space.