Vulnerability Management news and publications #1

Hello everyone! In this episode, I will try to revive Security News with a focus on Vulnerability Management. On the one hand, creating such reviews requires free time, which could be spent more wisely, for example, on open source projects or original research. On the other hand, there are arguments in favor of news reviews. Keeping track of the news is part of our job as vulnerability and security specialists. And preferably not only headlines. I usually follow the news using my automated telegram channel @avleonovnews. And it looks like this: I see something interesting in the channel, I copy it to Saved Messages so that I can read it later. Do I read it later? Well, usually not. Therefore, the creation of news reviews motivates to read and clear Saved Messages. Just like doing Microsoft Patch Tuesday reviews motivates me to watch what’s going on there. In general, it seems it makes sense to make a new attempt. Share in the comments what you think about it. Well, if you want to participate in the selection of news, I will be glad too. I took 10 news items from Saved Messages and divided them into 5 categories: Active Vulnerabilities 01:31 🔴 “CISA warns of hackers exploiting PwnKit Linux vulnerability (CVE-2021-4034)” by BleepingComputer 03:14 🔴 “Atlassian Confluence OGNL Injection Remote Code Execution (RCE) Vulnerability (CVE-2022-26134)” by Qualys Data sources 05:27 🟠 “New Vulnerability Database Catalogs Cloud Security Issues” by DarkReading & Wiz Analytics 07:23 🟢 “MITRE shares this year’s list of most dangerous software bugs (CWE Top 25)” by BleepingComputer 09:06 🟠 “Cyberattacks via Unpatched Systems Cost Orgs More Than Phishing” by DarkReading & Tetra Defense 11:07 🔴 “Zero-Days Aren’t Going Away Anytime Soon & What Leaders Need to Know” by DarkReading & Arctic Wolf VM vendors write about Vulnerability Management 13:57 🟡 “Why We’re Getting Vulnerability Management Wrong” by DarkReading & Rezilion 16:41 🔴 “Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0” by Qualys 20:37 🟢 “Modern IT Security Teams’ Inevitable Need for Advanced Vulnerability Management” by Threatpost & Secpod 22:25 de-Westernization of IT Blogpost: #VulnerabilityManagement #InformationSecurity