runZero Blog

June 8, 2023

The risks of using spreadsheets for cyber asset management

An accurate and full asset inventory is vital for an effective security program. Understand the risks and limits of using spreadsheets to manage cyber assets, and how runZero compares.

June 3, 2023

Finding MOVEit File Transfer Services

Reports of active exploitation of a zero-day vulnerability in the MOVEit file transfer software are making the rounds this week. The vendor, Progress Software, has released an advisory and this issue has now been assigned CVE-2023-34362. Attackers are abusing a SQL injection …

Read More

June 2, 2023

Finding Barracuda Email Security Gateways

Exploitation of Barracuda Email Security Gateway (ESG) appliances has made the news recently, including on-going investigation into the attacks. Leveraging a zero-day vulnerability as far back as October 2022, attackers compromised ESG targets to deploy malware that created …

Read More

May 31, 2023

Finding Zyxel Network Devices

Last month, Zyxel disclosed a remote command execution vulnerability affecting a handful of their product families. This vulnerability has been assigned CVE-2023-28771, and with a CVSSv3 score of 9.8, this vulnerability is considered highly critical. Attackers who send a …

Read More

May 30, 2023

Why EDR agents are inadequate for cyber asset management

When incident responders find assets that are compromised but can’t find them in the asset inventory, many teams realize that they went down the wrong path; EDR works well for endpoint protection but not asset inventory. Let’s examine why.

May 17, 2023

Finding Cisco Small Business Switches

Cisco recently disclosed several highly critical vulnerabilities that affect some of their Ethernet switches designed for small businesses. With a CVSSv3 score of 9.8, these vulnerabilities (assigned CVE-2023-20024, CVE-2023-20156, and CVE-2023-20157) are due to various …

Read More

May 12, 2023

runZero’s week at RSA 2023: killer robots, time machines, and natural disasters

Watch Chris Kirsch chat with Chris Nickerson, then Roger Rustad to talk pentesting “war stories”, and how runZero has helped the Fortinet team.

May 9, 2023

runZero 3.8: Identify and triage your riskiest assets, track goals, identify even more things, and delete your password

What’s new with runZero 3.8? Identify and triage risky assets Public preview of goal tracking Protocol improvements New and improved fingerprints Passwordless logins Identify and triage risky assets runZero customers can now identify risky assets across their …

Read More

April 20, 2023

Finding PaperCut MF and NG servers

PaperCut recently revealed that two products in its popular line of print server software contain severe vulnerabilities currently being exploited in the wild. Reported via the Trend Micro Zero Day Initiative, these vulnerabilities can be exploited by unauthenticated …

Read More

April 13, 2023

Asset inventory is foundational to security programs

Asset inventory is the foundation of a strong cybersecurity posture. It is often considered the first step in identifying vulnerabilities and potential risks to your organization’s security.

Subscribe to our blog

Stay in the loop with the latest news!

We won't share your email. Unsubscribe at any time.