Japan urged to adhere to US cybersecurity standards. Report finds AI could increase production of fake sexual abuse imagery. Read More
The CyberWire
The all in one place for non-profit security aid.
Japan urged to adhere to US cybersecurity standards. Report finds AI could increase production of fake sexual abuse imagery. Read More
The CyberWire
How to choose a free vulnerability scanner: Insights from an industry veteran
The cybersecurity market is awash with expensive, high-end solutions for detecting vulnerabilities in third-party applications. However, for smaller security teams, free vulnerability scanners offer a practical alternative.
But of course, free doesn’t always mean better—it’s crucial to thoroughly assess free vulnerability scanners before integrating one into your security protocols.
How to choose a free vulnerability scanner? Industry expert Robert Elworthy, NA Solutions Engineering Manager at ThreatDown, has the answers.
Robert has a wealth of experience from his tenure as IT manager at Langdale Industries, where he managed a network of over 500 endpoints. In this article, we’ll break down his advice on selecting a free vulnerability scanner
Let’s dive into the essentials.
Related: How to find vulnerabilities in your IT environment
Limits on the number of scannable endpoints are common with free vulnerability scanners. While a small business with a few devices might find them sufficient, larger enterprises with hundreds of endpoints could exceed these limits.
Elworthy, reflecting on his Langdale experience, highlights the importance of a tool capable of handling large-scale environments efficiently, a critical aspect for organizations with extensive networks:
“Free tools often struggle with large networks,” Elworthy said. “It’s important to choose a tool that can handle large-scale environments without compromising efficiency, especially for organizations with extensive networks, where the ability to scale effectively is crucial.”
Different scanners have varied requirements. Some scanners need agents installed on each endpoint for in-depth insights, while others conduct less intrusive remote scans.
Elworthy emphasizes the need for scanners that minimize the complexity of agent installations, especially in large and diverse IT landscapes:
“Often, when you opt for a free tool, you might need to run the software on-premises or integrate it into your network. This becomes particularly challenging with remote work and constantly shifting targets,” Elworthy said. “How do you deploy an agent to gather the necessary information? It’s not always straightforward with free tools.”
The effectiveness of a vulnerability scanner is largely measured by its reporting capabilities, but free vulnerability scanners might provide basic reports that overlook critical remediation details.
“You must consider how you can utilize the data once it’s acquired. Some tools may display the data, but offer limited reporting or feedback capabilities, which can be a significant limitation,” Elworthy said.
Cyber threats evolve rapidly, and so must your scanner. Tools like OWASP ZAP are updated frequently but require users to stay on top of these updates manually, which could add to your team’s workload.
“Without ongoing support, free tools risk becoming outdated as new vulnerabilities are discovered,” Elworthy said. “To make sure your organization isn’t unaware of emerging threats, you should confirm a free vulnerability scanner has a process for frequently updating its vulnerability database.”
Integration with other security tools is crucial. Elworthy stressed the importance of tools that aid in both vulnerability identification and remediation:
“It’s important to have a scanner that not only detects vulnerabilities but also offers guidance on remediation.” Elworthy said. “Many free tools don’t automatically patch vulnerabilities found during scans since remediation is a separate process. Integrating with patch management is critical to easily fix any vulnerabilities found.”
The labor involved in configuring, updating, and mastering free vulnerability scanners represents a substantial investment. Elworthy points out the hidden labor costs in using “free” tools, which can affect team efficiency:
“The time and labor required to maintain scans and update tools can be significant,” Elworthy said, reflecting on his time at Langdale. “There are often-overlooked costs associated with ‘free’ vulnerability scanners. They may not require direct financial investment, but the manpower and time needed for their effective operation can be substantial.”
For teams seeking a streamlined approach, the ThreatDown Vulnerability Assessment solution, free for all ThreatDown customers, offers:
To simplify security and reduce costs, Vulnerability Assessment deploys easily in minutes without a reboot, using the same agent and cloud-based console that powers all ThreatDown endpoint security technologies.
Identifies vulnerabilities in modern and legacy applications in less than a minute.
Utilizes the Common Vulnerability Scoring System (CVSS) and Cybersecurity and Infrastructure Security Agency (CISA) recommendations to evaluate and rank vulnerabilities for proper prioritization.
Our Security Advisor tool to analyzes an organization’s cybersecurity health—such as by assessment of current inventory and which assets are vulnerable—and generates a score based off what it finds. To improve the endpoint security health score, Security Advisor delivers recommendations to address discovered vulnerabilities: patching, updates, or policy changes.
Opting for a free vulnerability scanner is about more than avoiding expenses. It’s about striking the right balance between cost, functionality, and available resources.
The ThreatDown Vulnerability Assessment solution simplifies the process with features like a lightweight agent, quick vulnerability scans, accurate severity ratings based on CVSS and CISA guidelines, and integration with Security Advisor for tailored recommendations and ThreatDown Patch Management for automated remediation.
Interested in adding Patch Management capabilities as well? Check out ThreatDown Advanced, Ultimate, and Elite bundles.
Related: 3 benefits of ThreatDown bundles
Malwarebytes
Critical ASUS Router Flaw Attacker Executes Arbitrary Commands
A critical vulnerability has been discovered in several models of ASUS routers. It allows unauthenticated remote attackers to execute arbitrary system commands on the affected devices.
The flaw, identified as CVE-2024-3912, has been assigned a CVSS score of 9.8, indicating its high severity.
According to the Twcert reports, Carlos Köpke from PLASMALABS reported the vulnerability, which is due to an arbitrary firmware upload vulnerability present in various ASUS router models.
By exploiting this flaw, attackers can remotely execute arbitrary commands on the compromised routers without requiring any authentication.
The following ASUS router models are affected by this vulnerability:
DSL-N17U
DSL-N55U_C1
DSL-N55U_D1
DSL-N66U
DSL-N14U
DSL-N14U_B1
DSL-N12U_C1
DSL-N12U_D1
DSL-N16
DSL-AC51
DSL-AC750
DSL-AC52U
DSL-AC55U
DSL-AC56U
ASUS has released firmware updates to address this critical vulnerability.
Free Webinar on API vulnerability scanning for OWASP API Top 10 vulnerabilities -> Book Your Spot
Users are strongly advised to update their affected routers to the following firmware versions:
For models DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, and DSL-N66U: Update to version 1.1.2.3_792 or later.
For models DSL-N12U_C1, DSL-N12U_D1, DSL-N14U, and DSL-N14U_B1: Update to version 1.1.2.3_807 or later.
For models DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, and DSL-AC56U: Update to version 1.1.2.3_999 or later.
Several older models, including DSL-N10_C1, DSL-N10_D1, DSL-N10P_C1, DSL-N12E_C1, DSL-N16P, DSL-N16U, DSL-AC52, and DSL-AC55, are no longer maintained.
Users of these models are advised to replace their routers.
If replacement is not feasible in the short term, it is recommended that remote access (Web access from WAN), virtual server (Port forwarding), DDNS, VPN server, DMZ, and port trigger features be disabled to mitigate the risk of exploitation.
The discovery of this critical vulnerability in ASUS routers highlights the importance of regularly updating the router firmware and replacing end-of-life devices.
Users are urged to take immediate action to protect their networks from potential attacks by applying the necessary firmware updates or replacing affected routers.
ASUS has proactively addressed this issue and provided timely fixes to ensure the security of its customers.
Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free
The post Critical ASUS Router Flaw Attacker Executes Arbitrary Commands appeared first on Cyber Security News.
Cisco addresses zero-days.
A second zero-day is used to exploit IOS XE devices compromised through an earlier zero-day last week. Read More
The CyberWire