New Dazz Connections – September 2024
We’re constantly adding new integrations to help connect the dots between the development, infrastructure, and security tools you know and love to provide unparalleled visibility into your security environment for easier remediation. Here are a few noteworthy new connections we’ve recently added. Tenable Web App Scanning (DAST): Dazz is now able to ingest ...
Windows IPv6 TCP/IP RCE CVE-2024-38063: What is it & What do I do?
What are we talking about? Microsoft’s latest Patch Tuesday released an advisory about CVE-2024-38063, a TCP/IP vulnerability in the Windows operating system. What that means is the vulnerable component in Windows is actually the very fundamental networking stack that implements the TCP/IP protocol stack. Microsoft MSRC’s advisory specifies that the vulnerability requires IPv6 ...
Why It’s Time to Fuse Application and Data Security
The average security team has invested heavily in Application and Data Security, yet these initiatives can often be disjointed. Applications act as the gateways to your data ecosystem. Hackers relentlessly probe these entry points for weaknesses, so much so that web applications were involved in 50% of data breaches according ...
Five Levels of Vulnerability Prioritization: From Basic to Advanced
Vulnerabilities are being disclosed at record pace. Since the common vulnerabilities and exposures (CVE) program was established by MITRE in 1999, there have been over 300,000 unique vulnerabilities published - and a significant portion of these have been found in the last few years. Since many of these vulnerabilities are disclosed ...
How ASPM Helps Secure Your Cloud Apps
When we talk to security professionals about ASPM, many immediately start thinking of finding risks in pre-production development environments. While any ASPM solution should be able to unify risks from SCA, SAST, and other scanners used to find risks pre-production, leading ASPM solutions will also provide rich cloud telemetry to give ...
What We Know About Vulnerability Exploitation in 2024 (So Far)
In the world of security vulnerabilities, change is the only constant. There are always new CVEs, new exploits, and new threat actors. A recent study estimates that there will be a 25% increase in vulnerabilities, or roughly 2,900 per month in 2024. With so many vulnerabilities, how can security teams find ...
AI is Now Exploiting Known Vulnerabilities – and what you can do about it
In a recent study from the University of Illinois Urbana-Champaign (UIUC), researchers demonstrated the ability of Large Language Models (LLMs) to exploit vulnerabilities simply by reading threat advisories. While some are arguing that the sample size was rather small (15 known vulnerabilities), this study still raises very important implications for ...
Maximizing CISA SSVC with the Dazz Unified Remediation Platform
In today's digital age, where cyber threats are rapidly evolving, you need a fast, systematic way to effectively identify and fix critical vulnerabilities before they can be exploited. This is where the combination of the CISA Stakeholder-Specific Vulnerability Categorization (SSVC) framework, CISA Known Exploited Vulnerabilities (KEV) catalog, and Dazz Unified ...
DevSecOps Tools
The goal of DevSecOps is to integrate security practices into the DevOps process. While much of the narrative of DevSecOps has been around writing ‘more secure code’, the narrative has expanded recently. Mature DevSecOps practices now include: securing development environments themselves (i.e. Source Code Management security); ‘Code to cloud’ security - ...
New Dazz connections – March 2024
As Dazz expands its customer base and use cases for vulnerability prioritization and remediation, new connections are constantly being built to help customers better prioritize and fix security issues across their entire infrastructure. We’ve recently added several new connections that are helping customers with their remediation operations. Checkmarx SAST: Dazz now supports ...