Operations | Monitoring | ITSM | DevOps | Cloud

Vulnerability management is a proactive and continuous process that seeks to keep networks, systems, and general applications as safe as possible from cyberattacks. Vulnerability management is a crucial aspect of security, and it's essential because it can help prevent data breaches that could result in severe damage to organizations. In this article, we'll delve into the definition of vulnerability management, its process, its importance, and some solutions to perform this task.

When creating an application, developers often rely on many different tools, programs, and people. This collection of agents and actors involved in the software development lifecycle (SDLC) is called the software supply chain. The software supply chain refers to anything that touches or influences applications during development, production, and deployment — including developers, dependencies, network interfaces, and DevOps practices.

Security is a never-ending battle on the web. You can have a server up in just a few minutes, and the next minute, someone is already trying to hack into it. These attacks could be automated using malicious bots or launched manually. Websites can be targeted by a malicious user trying to compromise your web presence or data. Cross-site scripting (XSS) is just one type of attack your site may be vulnerable to.

On May 27, 2022, an interesting Microsoft Word doc was uploaded to VirusTotal by an independent security research team called nao_sec. The Word doc contains built-in code that calls an HTML file from a remote source that in-turn executes more (malicious) code and Microsoft Defender for Endpoint misses detection. Two days later, May 29, Kevin Beaumont publishes an article describing the behavior of this Word doc, and deems this a new 0-day vulnerability in Office/Windows products.

Organizations cannot rely on a single source of data on which to base their entire cybersecurity strategy – particularly their vulnerability management programs. Case in point: The National Vulnerability Database, or NVD. This publicly available database of known vulnerabilities covers an enormous array of all the different vulnerabilities that currently affect applications, software and hardware applications.

Vulnerabilities within an IT environment pose a big security risk and are a threat to digital data within an organization. These vulnerabilities can be exploited by others, or a lack of necessary precautions can result in damaged or lost organizational data. Therefore, it is essential to have a vulnerability management process in place for these reasons.

An unpatched vulnerability in a popular C standard library found in a wide range of IoT products and routers could put millions of devices at risk of attack. The vulnerability, tracked as CVE-2022-05-02 and discovered by Nozomi Networks, is present in the domain name system (DNS) component of the library uClibc and its uClibc-ng fork from the OpenWRT team.

On March 29, 2022, a critical vulnerability targeting the Spring Java framework was disclosed by VMware. This severe vulnerability is identified as a separate vulnerability inside Spring Core, tracked as CVE-2022-22965 and canonically named “Spring4Shell” or “SpringShell”, leveraging class injection leading to a full remote code execution (RCE).