With more than 10.000 vulnerabilities having critical and high severity scores per year, among questions that arise for prioritization are: Is the vulnerability being used by threat actors? Is there a Proof of Concept (PoC) available online? To this end, we provide our weekly top 5 of hacker-relevant vulnerabilities mainly on the server side. In case you have the corresponding services or products running on your IT assets, please promptly patch.…

83% of security breaches involved external actors, according to Verizon 2023 Data Breach Investigations report (https://www.verizon.com/business/de-de/resources/reports/dbir/). The three primary ways in which attackers accessed an organization are exploitation of vulnerabilities, stolen or default credentials, and social engineering. In our weekly top 5 hacker-relevant vulnerabilities (https://blog.ruhrsecurity.com/posts/weekly-top-5-vulnerabilities/), we have been reporting on vulnerabilities, which are pertinent to threat actors. In this ongoing series, we will provide monthly updates on selected security breaches associated with the reported vulnerabilities.…

Cyber threats are growing and cause trillions of dollars in damages annually. Attack Surface Management helps guide a path to upgraded defenses. It provides organizations with oversight on attack entry points, criticality of entry points, and mitigations to potential risks. In today’s world, organizations operate in an ever-changing cyber threat landscape. The threats are constantly in flux, from opportunistic attacks by individual hackers to more sophisticated tactics employed by nation-state-funded Advanced Persistent Threats (APTs).…

While the cyber warfare on Germany is expanding, alarming facts are overwhelming enterprises: The number of hacker-relevant vulnerabilities is increasing; up to one new vulnerability every two days. The time to spot vulnerable systems is decreasing. It has become a matter of hours to scan the entire Internet for a specific vulnerability. The complexity to hack vulnerabilities is decreasing. An example hacking code is typically published online, and the corresponding toolsets are open source and free of charge.…