Our Security Research team discovered a critical vulnerability in Craft CMS (CVE-2024-56145). This vulnerability allows attackers to execute arbitrary code without authentication and should be addressed immediately. It is a critical issue, with a CVSS score of 9.3. We wrote up our findings at our blog here: https://lnkd.in/gxJuwEEt An official advisory was released by Craft CMS here: https://lnkd.in/gzxdhtYg #attacksurfacemanagement #securityresearch
About us
The Assetnote platform enables organizations to effectively map and continuously monitor their external attack surface. Using advanced reconnaissance techniques across web and mobile channels paired with high-signal, continuous security analysis, Assetnote gives enterprises insight and control of their evolving exposure. Get the drop on the attackers today. Find out more at https://assetnote.io
- Website: https://assetnote.io
- Industry: Computer and Network Security
- Company size: 11-50 employees
- Headquarters: Brisbane, Queensland
- Type: Privately Held
- Founded: 2018
- Specialties: continuous security, information security, application security, asset discovery, asset management, vulnerability management, web application security, mobile application security, attack surface management, and ASM
Locations
- Primary: 420 Queen St, Brisbane, Queensland 4000, AU
Updates
- Beyond Data Collection: The Missing Piece in Attack Surface Management

  A key insight from our podcast: The security industry has a data obsession, but data alone doesn't protect your organization.

  🔍 The Traditional Approach:
  - Bigger wordlists
  - Faster tools
  - More data processing
  - Wider scanning

  ❌ Why This Falls Short: Raw data without context is just noise. Real security requires:
  - Actionable intelligence
  - Business context
  - Risk prioritisation
  - Offensive security insight

  💡 The AssetNote Difference: We combine:
  - Advanced data collection
  - Security expertise
  - Offensive mindset
  - Practical workflows

  To transform raw data into actionable security intelligence.

  ⚡️ The Result:
  - Focused priorities
  - Clear action items
  - Efficient workflows
  - Real risk reduction

  This is why our platform doesn't just collect data - it helps you understand what that data means for your security posture. Ready to move beyond data overload to actual security insights?

  Spotify: https://buff.ly/3YN4H3D
  Apple Podcasts: https://buff.ly/3TuyLzg
  YouTube: https://buff.ly/3Xl6uMM

  🔍 Request a demo: assetnote.io/demo

  #AttackSurfaceManagement #CyberSecurity
- Hidden in Plain Sight: The Cloud Security Challenge

  Modern cloud infrastructure is transforming how applications are deployed. But it's also creating massive blind spots in traditional security scanning.

  🌐 Real-World Examples:
  - Akamai WAF with global IP distribution
  - Wildcard certificates masking subdomains
  - Vercel & Heroku's subdomain-based routing
  - Cloud platforms with dynamic load balancing

  🚨 The Security Impact: Traditional IP-based scanning tools miss these complex architectures entirely. As more developers adopt cloud platforms for deployment, the gap between what exists and what's discovered grows wider.

  💡 The Solution: Passive DNS data and subdomain mapping are becoming crucial for modern attack surface management. Is your security strategy aligned with modern cloud architecture?

  🎧 Learn more in Surfacing Security:
  Spotify: https://buff.ly/3BFRth2
  Apple Podcasts: https://buff.ly/3TTe6F3
  YouTube: https://buff.ly/3ZfTb28

  🔍 Request a demo: assetnote.io/demo

  #CloudSecurity #AttackSurfaceManagement #SecurityStrategy #AppSec
- In the last month, our security research team has deep-dived into CVE-2024-8534, which affects Citrix NetScaler. This vulnerability, described as a memory safety vulnerability leading to memory corruption and Denial of Service and rated a CVSS 8.4, caught our attention. We worked towards reproducing the issue and creating high signal checks within our platforms that security teams could trust without causing any disruption while still providing industry-leading rapid response. You can read our research here: https://lnkd.in/gRgUrfTd
- Pioneering Security Research Integration 🔍

  For six years, we've taken a different path in security - moving beyond CVE-centric approaches to build something new.

  Our Journey:
  - Built deep security research capabilities
  - Integrated research directly into our platform
  - Developed new detection methodologies
  - Created a research-driven security approach

  The result? We find security exposures that CVE-based tools miss completely.

  🎧 Learn about our research-driven approach:
  - Spotify: https://buff.ly/3BFRth2
  - Apple Podcasts: https://buff.ly/3TTe6F3
  - YouTube: https://buff.ly/3B8CLzx

  📱 See it in action: buff.ly/3Co0Tyc

  #SecurityResearch #AppSec #InfoSec
- 🔍 Navigating Today's Complex Security Landscape

  Our Surfacing Security podcast explores the evolving challenges in IT security. Key insights include:
  - The evolution and current implications of shadow IT
  - Limitations of common security assessment methods, including rating tools and questionnaires
  - Real-world vulnerabilities in critical software systems
  - Strategies for enhancing visibility and transparency across IT ecosystems
  - The crucial role of proactive security measures and effective disclosure processes

  Discover how to strengthen your organization's approach to these complex security challenges.

  🎧 Listen to Surfacing Security:
  Apple Podcasts: https://buff.ly/3BgRuYO
  Spotify: https://buff.ly/3XHxeXW
  YouTube: https://buff.ly/3THKD0U

  🔍 Request a demo: assetnote.io/demo

  #CyberSecurity #ShadowIT #ProactiveSecurity #SecurityAssessment
- The landscape of Attack Surface Management is rapidly changing. In our Surfacing Security Podcast, we explore how ASM has evolved from simple asset discovery to comprehensive, automated solutions. We discuss the importance of continuous monitoring and how modern approaches differ from traditional pen-testing methods. Are you keeping up with these changes in your security strategy?

  🎧 Listen to Surfacing Security:
  Apple Podcasts: https://buff.ly/3TDm3hH
  Spotify: https://buff.ly/3Xxiegp
  YouTube: https://buff.ly/48AKEtX

  🔍 Request a demo: assetnote.io/demo

  #AttackSurfaceManagement #CybersecurityTrends
- 🎯 Attack Surface Management Must Cover Modern Environments

  Over the last 10 years, Attack Surfaces have evolved. With the introduction of SaaS, CDNs and Cloud Platforms, the IT environment has expanded significantly. Many legacy scanners and IP centric scanning approaches are unable to cover these assets effectively. Given the shift, we designed Assetnote to cover these modern attack surfaces at scale.

  Learn how we approach automated, reliable exposure detection in our Surfacing Security
  Spotify: https://buff.ly/4e56SGb
  Apple Podcasts: https://buff.ly/3Zjo4Dn
  YouTube: https://buff.ly/494nZGg

  💡 Get a complete view of your attack surface: buff.ly/3Co0Tyc

  #InformationSecurity #ASM #SecurityAutomation #CyberSecurity #IT
- Rethinking Attack Surface Management: Beyond Asset Discovery 🔍

  In our latest podcast episode, we dive into why the core principles of ASM need to evolve beyond traditional tooling. True ASM is built on fundamental pillars:
  - ✅ Asset awareness and visibility
  - ✅ Real-time monitoring
  - ✅ Scalability
  - ✅ High-signal detection

  But here's the key insight: discovering assets isn't enough. The real value comes from what organizations do with that visibility. It's about turning insight into action. We explore how this shift in thinking can transform your security operations and deliver real business value. Want to understand what makes ASM truly effective?

  Learn more in our Surfacing Security podcast episode 🎧:
  Spotify: https://buff.ly/4e56SGb
  Apple Podcasts: https://buff.ly/3Zjo4Dn
  YouTube: https://buff.ly/494nZGg

  💡 Get a complete view of your attack surface: assetnote.io/demo

  #SecurityOperations #ASM #CyberSecurity #AttackSurface #SecurityStrategy
- The Evolution of Attack Surface Management: Beyond IP-Based Scanning

  Traditional internet-wide scanning revolutionized security discovery when it emerged. But in today's cloud-first world, is it enough?

  Modern infrastructure utilising:
  - Web Application Firewalls
  - Content Delivery Networks
  - TLS SNI routing
  - Virtual host-based routing

  These create significant blind spots in traditional IP-centric scanning approaches. The reality? Your attack surface is likely larger than your IP-based tools suggest. Modern architecture requires modern discovery methods.

  🎧 Explore this critical security gap in our Surfacing Security podcast:
  Spotify: https://buff.ly/3BFRth2
  Apple Podcasts: https://buff.ly/3TTe6F3
  YouTube: https://buff.ly/3ZfTb28

  🔍 Request a demo: assetnote.io/demo

  #SecurityLeadership #CloudSecurity #ASM #AttackSurfaceManagement