June 22, 2021
For years, users struggled to put MITRE ATT&CK into practice. With the release of ATT&CK Workbench today, defenders can far better ensure that their threat intelligence is continually aligned with the public ATT&CK knowledge base. See how and why.
June 9, 2021
RabbitMQ is a popular open source message broker, used worldwide by companies like T-Mobile and SolarWinds. Its flexibility and speed makes it easy to integrate with other applications, such as SolarWinds Orion Platform. Since we previously reported CVE-2021-29221 against the popular programming language Erlang, we suspected RabbitMQ would be vulnerable to a similar local privilege escalation attack.
June 2, 2021
Atlassian Confluence Server is a popular web-based corporate content management system, allowing remote teams to collaborate efficiently on projects. With over sixty thousand customers including Docker, Linkedin, and Twilio, vulnerabilities in Confluence could have a significant impact on a large user base.
June 1, 2021
Today, we’re excited to announce the release of DeepSurface 2.2! Release 2.2 brings some exciting new features and changes in the form of tags and some UI/UX updates that make the product even easier to use.
April 30, 2021
We’re thrilled to announce DeepSurface 2.1, an improvement on DeepSurface 2.0 that makes it even easier to use. We’ve reorganized some things, added different nomenclature for increased efficiencies allowing you discover and remediate risk even faster.
April 13, 2021
Octopus Deploy is a popular DevOps automation platform that enables teams to more efficiently manage configuration, API keys, and permissions. Octopus Server allows users to self-host this platform, and is installed as a service on the host. This service runs as Local System and is a very impactful target for local privilege escalation exploits.
April 6, 2021
Our mission is to equip cybersecurity teams with the best predictive vulnerability prioritization platform and allow them to quickly identify and reduce more cybersecurity risk every day. To that end, we’re proud to announce the release of DeepSurface 2.0!
April 4, 2021
Erlang is a popular general-purpose programming language and runtime environment, with support for concurrency commonly found on many distributed systems. When distributed on Windows machines, the Erlang emulator can also be run as a service with the erlsrv.exe command. This seems to be commonly used with popular software, such as CouchDB.
March 17, 2021
AttackIQ has added Atomic Red Team to our assessment library, bolstering our testing capabilities to further improve our customers’ security effectiveness.
