Ransomware, phishing, denial of service attacks: according to a recent study, 84 per cent of the companies surveyed are concerned about the security of their IT systems and see a further increase in the threat situation. For good reason, as companies are also concerned about outdated code, data theft by employees, inadequate protection of company […]
Tag Archive for: Ransomware
Before this year, 3,000 CVEs (Common Vulnerabilities and Exposures) had never been published in a single month. 2024 has been a string of record-breaking months for vulnerability disclosure; over 5,000 CVEs were published in May 2024. While June offered a lapse from the storm, some may be questioning whether delivering a secure software product is simply impossible. Even vendors with the most capital and market share – Apple, Google, Microsoft – and vendors of enterprise-grade network and security appliances – Cisco, Citrix, Fortinet, Ivanti, Juniper, PaloAlto – have all presented perpetually insecure products to market. What insurmountable hurdles could be preventing stronger application security? Are secure software products truly an impossibility?
One possible truth is: being first to market with new features is considered paramount to gaining competitive edge, stealing priority from security. Other suggestions are more conspiratorial. The Cyber Resilience Act [1][2], set to be enforced in late 2027, may create more accountability, but is still a long way down the road. Cyber defenders need to stay vigilant, implement cybersecurity best practices, be proactive about detecting security gaps, and remediate them in a timely fashion; easy to say, but a monstrous feat indeed.
In this month’s edition of Greenbone’s Threat Tracking blog post we will review culprits in a recent trend – increased exploitation of edge network devices.
Edge Devices Are Hot Targets For Cyber Attack
Cyber threat actors are increasingly exploiting vulnerabilities in network perimeter services and devices. The network perimeter refers to the boundary that separates an organization’s internal network from external networks, such as the internet, and is typically home to critical security infrastructure such as VPNs, firewalls, and edge computing services. This cluster of services on the network perimeter is often called the Demilitarized Zone, or DMZ. Perimeter services serve as an ideal initial access point into a network, making them a high-value target for cyber attacks.
Greenbone’s Threat Tracker posts have previously covered numerous edge culprits including Citrix Netscaler (CitrixBleed), Cisco XE, Fortinet’s FortiOS, Ivanti ConnectSecure, PaloAlto PAN-OS and Juniper Junos. Let’s review new threats that emerged this past month, June 2024.
Chinese APT campaign Attacking FortiGate Systems
CVE-2022-42475 (CVSS 9.8 Critical), a severe remote code execution vulnerability, impacting FortiGate network security appliances has been implicated by the Dutch Military Intelligence and Security Service (MIVD) in a new cyber espionage campaign targeting Western governments, international organizations, and the defense industry. The MIVD disclosed details including attribution to a Chinese state hacking group. The attacks installed a new variant of an advanced stealthy malware called CoatHanger, specifically designed for FortiOS that persists even after reboots and firmware updates. According to CISA, CVE-2022-42475 was previously used by nation-state threat actors in a late-2023 campaign. More than 20,000 FortiGate VPN instances have been infected in the most recent campaign.
One obvious takeaway here is that an ounce of prevention is worth a pound of cure. These initial access attacks leveraged a vulnerability over a year old, and thus were preventable. Cybersecurity best practices dictate that organizations should deploy regular vulnerability scanning and take action to mitigate discovered threats. Greenbone Enterprise feed includes detection for CVE-2022-42475.
P2Pinfect Is Ransoming And Mining Unpatched Redis Servers
P2Pinfect, a peer-to-peer (P2P) worm targeting Redis servers, has recently been modified to deploy ransomware and cryptocurrency miners, as observed by Cado Security. First detected in July 2023, P2Pinfect is a sophisticated Rust-based malware with worm capabilities, meaning that recent attacks exploiting CVE-2022-0543 (CVSS 10 Critical) against unpatched Redis servers can automatically spread to other vulnerable servers.
Since CVE-2022-0543 was published in February 2022, organizations employing compliant vulnerability management should already be impervious to the recent P2Pinfect ransomware attacks. Within days of CVE-2022-0543 being published, Greenbone issued multiple Vulnerability Tests (VTs) [1][2][3][4][5] to the Community Edition feed that identify vulnerable Redis instances. This means that all Greenbone users globally can be alerted and protect themselves if this vulnerability exists in their infrastructure.
Check Point Quantum Security Gateways Actively Exploited
The Canadian Centre for Cyber Security issued an alert due to observed active exploitation of CVE-2024-24919 (CVSS 8.6 High), which has also been added to CISA’s catalog of known exploited vulnerabilities (KEV). Both entities have urged all affected organizations to patch their systems immediately. The vulnerability may allow an attacker to access information on public facing Check Point Gateways with IPSec VPN, Remote Access VPN, or Mobile Access enabled and can also allow lateral movement via unauthorized domain admin privileges on a victim’s network.
This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances. Check Point has issued instructions for applying a hotfix to mitigate CVE-2024-24919. “Hotfixes” are software updates issued outside of the vendor’s scheduled update cycle to specifically address an urgent issue.
CVE-2024-24919 was just released on May 30th, 2024, but very quickly became part of an attack campaign further highlighting a trend of diminishing Time To Exploit (TTE). Greenbone added active check and passive banner detection vulnerability tests (VTs) to identify CVE-2024-24919 within days of its publication allowing defenders to swiftly take proactive security measures.
Critical Patches Issued For Juniper Networks Products
In a hot month for Juniper Networks, the company released a security bulletin (JSA82681) addressing multiple vulnerabilities in Juniper Secure Analytics optional applications, and another new critical bug was disclosed: CVE-2024-2973. On top of these issues, Juniper’s Session Smart Router (SSR) was outed for having known default credentials [CWE-1392] for its remote SSH login. CVE-2024-2973 (CVSS 10 Critical) is an authentication bypass vulnerability in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products that are running in high-availability redundant configurations, and it allows an attacker to take full control of an affected device.
Greenbone Enterprise vulnerability test feed provides detection for CVE-2024-2973 and remediation information is provided by Juniper in their security advisory (JSA83126). Finally, Greenbone includes an active check to detect insecure configuration of Session Smart Router (SSR), by verifying if it is possible to login via SSH with known default credentials.
Progress Telerik Report Server Actively Exploited
Last month we discussed how one of Greenbone’s own security researchers identified and participated in the responsible disclosure of CVE-2024-4837, impacting Progress Software’s Telerik Report Server. This month, another vulnerability in the same product was added to CISA’s actively exploited catalog. Also published in May 2024, CVE-2024-4358 (CVSS 9.8 Critical) is an Authentication Bypass by Spoofing Vulnerability [CWE-290] that allows an attacker to obtain unauthorized access. Additional information, including temporary mitigation workaround instructions are available from the vendor’s official security advisory.
Also in June 2024, Progress Software’s MOVEit Transfer enterprise file transfer tool was again in the hot seat with a new critical severity vulnerability; CVE-2024-5806, having a CVSS 9.1 Critical assessment. MOVEit was responsible for the biggest data breaches in 2023 affecting over 2,000 organizations.
Greenbone issued active check and version detection vulnerability tests (VTs) to detect CVE-2024-24919 within days of its publication, and a VT to detect CVE-2024-5806 within hours, allowing defenders to swiftly mitigate.
Summary
Even tech giants struggle to deliver software free from vulnerabilities, underscoring the need for vigilance in securing enterprise IT infrastructure – threats demand continuous visibility and swift action. The global landscape is rife with attacks against perimeter network services and devices as attackers large and small, sophisticated and opportunistic seek to gain a foothold on an organization’s network.
International panel discussion on effective cybersecurity at #OSXP2023
At the esteemed #OSXP2023 event, that took place in Paris, our participation in the “Cybersécurité et open source” roundtable brought forward critical discussions on improving cybersecurity in companies. The panel, including distinguished experts from the academic and governmental sectors, delved into strategies and points of vigilance essential for robust cybersecurity.
1. The Mindset of Security
Security by Design: A Leadership Commitment
- The panel emphasized the importance of incorporating security from the initial stages of development. This approach requires a commitment from the top management to prioritize security in all business operations.
A Mentality Focused on Secure and Protected Solutions
- Companies must cultivate a culture where security is an integral part of the thinking process, aiming to deliver solutions that are inherently secure and protected.
2. Implementing Key Processes
Adherence to Standards and Automation
- The importance of adhering to established cybersecurity standards was underscored, with a recommendation to automate processes wherever possible to ensure consistency and efficiency.
No Deployment Without Security Compliance
- It was strongly advised that no deployments or actions should proceed without meeting the necessary security requirements.
3. Resources: Empowering Teams and Enhancing Vigilance
Dedicated Security Teams and Training
- Having specialized security teams and conducting regular training sessions were identified as crucial for maintaining a high level of security awareness and preparedness.
Vigilance as a Continuous Effort
- Continuous vigilance was highlighted as a key resource, ensuring that security measures are always up-to-date and effective.
4. Essential Tools and Technologies
Mandatory Multi-Factor Authentication (MFA)
- Implementing MFA as a compulsory measure was recommended, as it enhances account security significantly.
Vulnerability Scanners and Dependency Management
- Utilizing vulnerability scanners and managing dependencies and configurations were suggested as vital tools. While platforms like GitHub Enterprise may be costly, they offer comprehensive solutions for these needs.
Conclusion: Education, Awareness, and the Use of Open-Source Tools
In conclusion, the panel at #OSXP2023, including our expert Corentin Bardin, a cyber security specialist and pen tester, highlighted the importance of continuous education and staying updated in the rapidly evolving cybersecurity landscape. They advocated for the use of open-source tools to bolster security measures.
The key takeaway from the discussion is the commitment to offering secure services. It’s not just about the tools and processes; it’s about the mindset and ongoing effort to stay vigilant and informed.
Update from 2023-12-06:
Last week, we reported on pro-Russian hacktivists scanning for vulnerable SharePoint Servers to exploit a critical vulnerability (CVE-2023-29357).
New findings suggest that the group, calling themselves “Zarya”, is undertaking various exploit-attempts, including directory traversal and targeting specific vulnerabilities in systems such as OpenWRT-Routers. The IP address 212.113.106.100, associated with these activities, has been observed in several different exploit attempts. In addition to simple reconnaissance, specific attacks on configuration files and Admin-APIs have been detected. This case re-emphasizes the importance of securing systems against such threats and shows, how unprotected or poorly configured systems can become targets of such attacks.
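The activity described above (one known scanning IP plus directory-traversal probes) is the kind of thing a defender can triage directly from web server access logs. The following is an added example, not Greenbone tooling; the watchlist IP is the one quoted in the report, the log lines are constructed, and the check decodes percent-encoding before matching so that `%2e%2e%2f` is caught as well as a literal `../`.

```python
"""Access-log triage for watchlist IPs and directory-traversal probes.

Added example (not Greenbone tooling). The watchlist IP comes from the report
above; every log line below is constructed for illustration.
"""
import re
from urllib.parse import unquote

# IoC named in the report above.
WATCHLIST_IPS = {"212.113.106.100"}

# Common/combined log format: ip ident user [timestamp] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# A ".." path segment bounded by slashes (or path start/end) is a traversal attempt;
# "a..b" inside a file name is not.
TRAVERSAL_RE = re.compile(r"(^|/)\.\.(/|$)")


def normalize_path(path: str) -> str:
    """Decode percent-encoding twice (catches double encoding) and unify slashes."""
    decoded = unquote(unquote(path))
    return decoded.replace("\\", "/")


def triage_line(line: str):
    """Return a dict describing the request and why it was flagged, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = []
    if m["ip"] in WATCHLIST_IPS:
        reasons.append("watchlist-ip")
    if TRAVERSAL_RE.search(normalize_path(m["path"])):
        reasons.append("path-traversal")
    return {"ip": m["ip"], "path": m["path"], "status": int(m["status"]), "reasons": reasons}


def triage(lines):
    """Keep only the parsed lines that were flagged for at least one reason."""
    hits = []
    for line in lines:
        result = triage_line(line)
        if result and result["reasons"]:
            hits.append(result)
    return hits


# Constructed sample log (not captured from a real server).
SAMPLE_LOG = """\
212.113.106.100 - - [06/Dec/2023:10:14:02 +0000] "GET /cgi-bin/luci/ HTTP/1.1" 404 162
203.0.113.7 - - [06/Dec/2023:10:14:05 +0000] "GET /static/../../../etc/passwd HTTP/1.1" 400 0
203.0.113.7 - - [06/Dec/2023:10:14:06 +0000] "GET /static/%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 400 0
198.51.100.23 - - [06/Dec/2023:10:15:00 +0000] "GET /index.html HTTP/1.1" 200 5120
""".splitlines()

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit['ip']:16} {hit['status']} {','.join(hit['reasons']):24} {hit['path']}")
```

Matching on the raw path alone would miss the percent-encoded request on the third line; decoding first is what makes the traversal check useful. Note that a 4xx status does not mean the probe was harmless, only that this particular request failed; the source IP is still worth correlating with other logs.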
A critical vulnerability for Sharepoint (CVE-2023-29357), is being targeted by presumably pro-Russian attackers who are trying to exploit this vulnerability.
The Internet Storm Center has discovered corresponding activity on its honeypots. The severity for this vulnerability is critical (a score of 9.8 out of 10), and the attack complexity is very low, making this vulnerability particularly dangerous. Greenbone customers can benefit from the automatic detection of this vulnerability in our Enterprise Feed. Microsoft has offered a security update since June 12, 2023; Microsoft customers who missed the update should install it now.
In the November 2023 commVT Intelligence Update, several critical vulnerabilities and security threats have come to light. Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI) was found to be vulnerable to two actively exploited critical vulnerabilities, allowing attackers to execute arbitrary code remotely. The curl command-line tool, widely used across various platforms, faced a serious vulnerability that could result in arbitrary code execution during SOCKS5 proxy handshakes. VMware is urging immediate updates for its vCenter Server due to a critical vulnerability potentially leading to remote code execution. Multiple vulnerabilities were found in versions of PHP 8; one is a particularly critical deserialization vulnerability in the PHAR extraction process. Additionally, SolarWinds Access Rights Manager (ARM) was found susceptible to multiple critical vulnerabilities, emphasizing the urgency to update to version 2023.2.1. Lastly, two F5 BIG-IP vulnerabilities were discovered to be actively exploited, with mitigation options available and outlined below.
Cisco IOS XE: Multiple Critical Vulnerabilities
Two actively exploited critical CVSS 10 vulnerabilities were discovered in Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI); CVE-2023-20198 and CVE-2023-20273. Combined, they allow an attacker to remotely execute arbitrary code as the system user and are estimated to have been used to exploit tens of thousands of vulnerable devices within the past few weeks. Greenbone has added detection for both the vulnerable product by version [1], and another aimed at detecting the BadCandy implanted configuration file [2]. Both are VTs included in Greenbone’s Enterprise vulnerability feed.
Cisco IOS was created in the 1980s and used as the embedded OS in the networking technology giant’s routers. Fast forward to 2023, IOS XE is a leading enterprise networking full-stack software solution that powers Cisco platforms for access, distribution, core, wireless, and WAN. IOS XE is Linux-based, and specially optimized for networking and IT infrastructure, routing, switching, network security, and management. Cisco devices are pervasive in global IT infrastructure and used by organizations of all sizes, including large-scale enterprises, government agencies, critical infrastructure, and educational institutions.
Here’s how the two recently disclosed CVEs work:
• CVE-2023-20198 (CVSS 10 Critical): Allows a remote, unauthenticated attacker to create an account [T1136] on an affected system with privilege level 15 (aka privileged EXEC level) access [CWE-269]. Privilege level 15 is the highest level of access to Cisco IOS. The attacker can then use that account to gain control of the affected system.
• CVE-2023-20273 (CVSS 7.2 High): A regular user logged into the IOS XE web UI can inject commands [CWE-77] that are subsequently executed on the underlying system with system (root) privileges. This vulnerability is caused by insufficient input validation [CWE-20]. This CVE is also associated with a Lua-based web-shell [T1505.003] implant dubbed “BadCandy”. BadCandy consists of an Nginx configuration file named `cisco_service.conf` that establishes a URI path to interact with the web-shell implant but requires the webserver to be restarted.
Cisco has released software updates for mitigating both CVEs in IOS XE software releases, including versions 17.9, 17.6, 17.3, and 16.12 as well as available Software Maintenance Upgrades (SMUs) and IT security teams are strongly advised to urgently install them. Cisco has also released associated indicators of compromise (IoC), Snort rules for detecting active attacks, and a TAC Technical FAQs page. Disabling the web UI prevents exploitation of these vulnerabilities and may be suitable mitigation until affected devices can be upgraded. Publicly released proof of concept (PoC) code [1][2] and a Metasploit module further increase the urgency to apply the available security updates.
Critical Vulnerability In The Curl Tool
A widespread vulnerability has been discovered in the popular curl command line tool, libcurl, and the many software applications that leverage them across a wide number of platforms. Tracked as CVE-2023-38545 (CVSS 9.8 Critical), the flaw makes curl overflow a heap-based buffer [CWE-122] in the SOCKS5 proxy handshake, which can result in arbitrary code execution [T1203]. Greenbone’s community feed includes several NVTs [1] to detect many of the affected software products and will add additional detections for CVE-2023-38545 as more vulnerable products are identified.
CVE-2023-38545 is a client-side vulnerability exploitable when passing a hostname to the SOCKS5 proxy that exceeds the maximum length of 255 bytes. If supplied with an excessively long hostname, curl is supposed to use local name resolution and pass it on to the resolved address only. However, due to the CVE-2023-38545 flaw, curl may actually copy the overly long hostname to the target buffer instead of copying just the resolved address there. The target buffer, being a heap-based buffer, and the hostname coming from the URL results in the heap-based overflow.
While the severity of the vulnerability is considered high because it can be exploited remotely and has a high impact on the confidentiality, integrity, and availability (CIA) of the underlying system, the SOCKS5 proxy method is not the default connection mode and must be declared explicitly. Additionally, for an overflow to happen an attacker also needs to cause a slow enough SOCKS5 handshake to trigger the bug. All versions of curl from v7.69.0 (released March 4th, 2020) through v8.3.0 are affected. The vulnerable code was patched in v8.4.0, commit 4a4b63daaa.
VMware vCenter Server: Multiple Vulnerabilities
CVE-2023-34048 is a critical severity vulnerability that could allow a malicious actor with network access to vCenter Server to cause an out-of-bounds write [CWE-787], potentially leading to remote code execution (RCE). The affected software includes VMware vCenter Server versions 6.5, 6.7, 7.0, and 8.0. The vCenter Server patch also fixes CVE-2023-34056, a medium-severity information disclosure resulting from improper authorization [CWE-285]. VMware has issued a security advisory to address both vulnerabilities which states that there are no known mitigations other than installing the provided updates. Both vulnerabilities can be detected by Greenbone’s enterprise vulnerability feed [1].
Although there are no reports that CVE-2023-34048 is being actively exploited in the wild attackers have proven adept at swiftly converting threat intelligence into exploit code. Research by Palo Alto Networks Unit 42 threat research group shows that on average an exploit is published 37 days after a security patch is released.
Here are some brief details on both CVEs:
• CVE-2023-34048 (CVSS 9.8 Critical): vCenter Server contains an out-of-bounds write [CWE-787] vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability to achieve remote code execution (RCE). The Distributed Computing Environment Remote Procedure Call (DCERPC) protocol facilitates remote procedure calls (RPC) in distributed computing environments, allowing applications to communicate and invoke functions across networked systems.
• CVE-2023-34056 (CVSS 4.3 Medium): vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
Multiple Vulnerabilities Discovered In PHP 8
Several vulnerabilities were identified in PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3. Although the group of vulnerabilities does include one critical and two high-severity vulnerabilities, these require particular contexts to be present for exploitation; either deserializing PHP applications using PHAR or else using PHP’s core path resolution functions on untrusted input. Greenbone’s enterprise VT feed includes multiple detection tests for these vulnerabilities across multiple platforms.
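Both the curl advisory earlier on this page (affected from 7.69.0 through 8.3.0, fixed in 8.4.0) and the PHP 8 advisory in this section describe their exposure as version ranges, which is exactly what a version-detection VT evaluates. The block below is an added example of that check, not Greenbone’s or the projects’ own code; the range boundaries are the ones stated on this page, and the `curl --version` banners are constructed samples.

```python
"""Version-range detection for the curl and PHP 8 advisories on this page.

Added example (not Greenbone or project code). Range boundaries are taken from
the advisories quoted above; sample banners are constructed, not collected.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '8.3.0' or '7.69.0-DEV' into a comparable tuple such as (8, 3, 0)."""
    m = re.match(r"(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"no version found in {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad to three components so '8.3' compares like '8.3.0'.
    return parts + (0,) * (3 - len(parts))


# Affected ranges as (first affected, first fixed); the fixed version is exclusive.
CURL_CVE_2023_38545: List[Tuple[Version, Version]] = [((7, 69, 0), (8, 4, 0))]
PHP8_ADVISORY: List[Tuple[Version, Version]] = [
    ((8, 0, 0), (8, 0, 28)),  # 8.0.x before 8.0.28
    ((8, 1, 0), (8, 1, 16)),  # 8.1.x before 8.1.16
    ((8, 2, 0), (8, 2, 3)),   # 8.2.x before 8.2.3
]


def is_affected(version: str, ranges: List[Tuple[Version, Version]]) -> bool:
    """True if the version falls inside any [first_affected, first_fixed) range."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in ranges)


def curl_version_from_banner(banner: str) -> str:
    """Extract the version from the first line of `curl --version` output."""
    m = re.match(r"curl\s+(\S+)", banner)
    if not m:
        raise ValueError("not a curl --version banner")
    return m.group(1)


def scan_curl_banners(banners: Dict[str, str]) -> Dict[str, bool]:
    """Map host name -> whether its curl build is inside the CVE-2023-38545 range."""
    return {
        host: is_affected(curl_version_from_banner(banner), CURL_CVE_2023_38545)
        for host, banner in banners.items()
    }


# Constructed sample banners (not captured from real hosts).
SAMPLE_BANNERS = {
    "host-a": "curl 8.3.0 (x86_64-pc-linux-gnu) libcurl/8.3.0 OpenSSL/3.0.2 zlib/1.2.11",
    "host-b": "curl 8.4.0 (x86_64-pc-linux-gnu) libcurl/8.4.0 OpenSSL/3.0.2 zlib/1.2.11",
    "host-c": "curl 7.68.0 (x86_64-pc-linux-gnu) libcurl/7.68.0 OpenSSL/1.1.1f zlib/1.2.11",
}

if __name__ == "__main__":
    for host, hit in scan_curl_banners(SAMPLE_BANNERS).items():
        print(host, "AFFECTED" if hit else "ok")
    for php in ("8.0.27", "8.0.28", "8.1.16", "8.2.2", "8.2.3", "7.4.33"):
        print("php", php, "AFFECTED" if is_affected(php, PHP8_ADVISORY) else "ok")
```

The caveat a practitioner wants here: a version-only check reports every build whose number is in range, including distribution packages that keep an old version string but carry a backported fix, so a version match should be confirmed with the vendor’s package changelog or an active check before it is treated as exploitable.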
Here are brief descriptions of the most severe recent PHP 8 vulnerabilities:
• CVE-2023-3824 (CVSS 9.8 Critical): A PHAR file (short for PHP Archive) is a compressed packaging format in PHP, which is used to distribute and deploy complete PHP applications in a single archive file. While reading directory entries during the PHAR archive loading process, insufficient length checking may lead to a stack buffer overflow [CWE-121], potentially leading to memory corruption or remote code execution (RCE).
• CVE-2023-0568 (CVSS 8.1 High): PHP’s core path resolution function allocates a buffer one byte too small. When resolving paths with lengths close to the system `MAXPATHLEN` setting, this may lead to the byte after the allocated buffer being overwritten with a NULL value, which might lead to unauthorized data access or modification. PHP’s core path resolution is used for the `realpath()` and `dirname()` functions, when including other files using `include()`, `include_once()`, `require()`, and `require_once()`, and during the process of resolving PHP’s “magic” constants such as `__FILE__` and `__DIR__`.
• CVE-2023-0567 (CVSS 6.2 Medium): PHP’s `password_verify()` function may accept some invalid Blowfish hashes as valid. If such an invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid [CWE-287]. Notably, this vulnerability has been assigned different CVSS scores by NIST (CVSS 6.2 Medium) and the PHP group CNA (CVSS 7.7 High), the difference being that the PHP Group CNA considers CVE-2023-0567 a high risk to confidentiality while NIST does not. CNAs are a group of independent vendors, researchers, open source software developers, CERT, hosted service, and bug bounty organizations authorized by the CVE Program to assign CVE IDs and publish CVE records within their own specific scopes of coverage.
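The defensive counterpart to CVE-2023-0567 is to make sure a malformed Blowfish hash can never reach the password database in the first place: validate the hash string’s format when it is produced or imported, rather than relying on `password_verify()` to reject it later. The block below is an added example, not PHP project code; the sample hash strings are constructed to be syntactically valid or invalid and are not derived from real passwords.

```python
"""Strict bcrypt (Blowfish crypt) hash-string validation before storage.

Added example (not PHP project code). Sample hashes are constructed for
format testing only; none of them corresponds to a real password.
"""
import re

# bcrypt's own base64 alphabet (not the RFC 4648 one); index order matters below.
BCRYPT_ALPHABET = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

# $2a$/$2b$/$2x$/$2y$ prefix, two-digit cost 04..31, 22-char salt, 31-char digest.
_BCRYPT_RE = re.compile(
    r"^\$2[abxy]\$(0[4-9]|[12][0-9]|3[01])\$"
    r"(?P<salt>[./A-Za-z0-9]{22})(?P<digest>[./A-Za-z0-9]{31})$"
)

# The 128-bit salt spans 22 chars (132 bits), so the last char carries only 2 payload
# bits and in canonical encoding is one of '.', 'O', 'e', 'u' (alphabet index 0,16,32,48).
_CANONICAL_SALT_END = "".join(BCRYPT_ALPHABET[i] for i in range(0, 64, 16))
# The 184-bit digest spans 31 chars (186 bits); its last char carries 4 payload bits.
_CANONICAL_DIGEST_END = "".join(BCRYPT_ALPHABET[i] for i in range(0, 64, 4))


def is_valid_bcrypt_hash(hash_str, strict: bool = True) -> bool:
    """Return True only for a well-formed bcrypt hash string.

    strict=True additionally rejects non-canonical trailing salt/digest characters,
    which a correct bcrypt implementation never emits.
    """
    if not isinstance(hash_str, str):
        return False
    m = _BCRYPT_RE.match(hash_str)
    if m is None:
        return False
    if strict:
        if m.group("salt")[-1] not in _CANONICAL_SALT_END:
            return False
        if m.group("digest")[-1] not in _CANONICAL_DIGEST_END:
            return False
    return True


def store_password_hash(db: dict, username: str, hash_str: str) -> None:
    """Refuse malformed hashes so an 'accept-anything' entry can never be stored."""
    if not is_valid_bcrypt_hash(hash_str):
        raise ValueError(f"refusing to store malformed password hash for {username!r}")
    db[username] = hash_str


# Constructed samples: salt = 22 chars, digest = 31 chars.
GOOD_HASH = "$2y$10$" + "abcdefghijklmnopqrstuO" + "abcdefghijklmnopqrstuvwxyz0123e"
BAD_CHAR_HASH = "$2y$10$" + "abcdefghijklmnopqrstu+" + "abcdefghijklmnopqrstuvwxyz0123e"
TRUNCATED_HASH = "$2y$10$" + "abcdefghijklmnopqrstuO"
BAD_COST_HASH = "$2y$03$" + "abcdefghijklmnopqrstuO" + "abcdefghijklmnopqrstuvwxyz0123e"
NONCANONICAL_HASH = "$2y$10$" + "abcdefghijklmnopqrstuv" + "abcdefghijklmnopqrstuvwxyz0123e"

if __name__ == "__main__":
    credentials = {}
    store_password_hash(credentials, "alice", GOOD_HASH)
    for label, h in [("bad char", BAD_CHAR_HASH), ("truncated", TRUNCATED_HASH),
                     ("bad cost", BAD_COST_HASH), ("non-canonical", NONCANONICAL_HASH)]:
        try:
            store_password_hash(credentials, "bob", h)
        except ValueError as exc:
            print(f"{label}: {exc}")
```

The check is deliberately stricter than what a library’s `verify` call might tolerate: a hash that is not exactly 60 characters of the expected shape has no business in a credential store, whatever a particular implementation would do with it.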
SolarWinds Access Rights Manager (ARM): Multiple Critical Vulnerabilities
SolarWinds Access Rights Manager (ARM) prior to version 2023.2.1 is vulnerable to 8 different exploits; one critical and two additional high-severity vulnerabilities (CVE-2023-35182, CVE-2023-35185, and CVE-2023-35187). These include authenticated and unauthenticated privilege escalation [CWE-269], directory traversal [CWE-22], and remote code execution (RCE) at the most privileged “SYSTEM” level. Greenbone’s Enterprise vulnerability feed includes both local security check (LSC) [1] and remote HTTP detection [2].
SolarWinds ARM is an enterprise access control software for Windows Active Directory (AD) networks and other resources such as Windows File Servers, Microsoft Exchange services, and Microsoft SharePoint as well as virtualization environments, cloud services, NAS devices, and more. The widespread use of ARM and other SolarWinds software products means that its vulnerabilities have a high potential to impact a wide range of large organizations including critical infrastructure.
These and more recent vulnerabilities are disclosed in SolarWinds’ security advisories. Although no reports of active exploitation have been released, mitigation is highly recommended and available by installing SolarWinds ARM version 2023.2.1.
F5 BIG-IP: Unauthenticated RCE And Authenticated SQL Injection Vulnerabilities
Two RCE vulnerabilities in F5 BIG-IP, CVE-2023-46747 (CVSS 9.8 Critical) and CVE-2023-46748 (CVSS 8.8 High), have been observed by CISA to be actively exploited in the wild soon after PoC code was released for CVE-2023-46747. A Metasploit exploit module has also since been published. F5 BIG-IP is a family of hardware and software IT security products for ensuring that applications are always secure and perform the way they should. The platform is produced by F5 Networks, and it focuses on application services ranging from access and delivery to security. Greenbone has added detection for both CVEs [1][2].
CVE-2023-46747 is a remote authentication bypass [CWE-288] vulnerability while CVE-2023-46748 is a remote SQL injection vulnerability [CWE-89] that can only be exploited by an authenticated user. The affected products include the second minor release (X.1) for major versions 14-17 of BIG-IP Advanced Firewall Manager (AFM) and F5 Networks BIG-IP Application Security Manager (ASM).
If you are running an affected version you can eliminate this vulnerability by installing the vendor-provided HOTFIX updates [1][2]. The term “hotfix” implies that the patch can be applied to a system while it is running and operational, without the need for a shutdown or reboot. If updating is not an option, CVE-2023-46747 can be mitigated by downloading and running a bash script that adds or updates the `requiredSecret` attribute in the Tomcat configuration, which is used for authentication between Apache and Tomcat, and CVE-2023-46748 can be mitigated by restricting access to the Configuration utility to allow only trusted networks or devices, and ensuring only trusted user accounts exist thereby limiting the attack surface.
Our developers have provided vulnerability tests for two critical vulnerabilities in widely used enterprise software. Within a very short time, tests for CVE-2023-22518 and CVE-2023-46747 were integrated, and customers of Greenbone’s Enterprise Feed were protected.
Knowledge management tools Confluence and Jira from Australian vendor Atlassian have been hit by a serious security vulnerability, rated 9.8 out of 10 on the CERT scale. Since November 8, CVE-2023-22518 has been actively exploited by attackers gaining unauthorized access to company data, according to media reports.
According to the company, the “authentication flaw” affects all versions of Confluence Data Center and Server, but not the cloud version at Atlassian itself. For anyone else, including users of Jira, but especially all publicly accessible Confluence servers, there is a “high risk and need to take immediate action”, writes Atlassian.
We reacted quickly and provided our customers with appropriate tests before ransomware attacks could be successful. Customers of the Greenbone Enterprise Feed were warned and reminded of the patch via update.
Remote code execution: F5 BIG-IP allows request smuggling
Also at the end of October, security researchers from Praetorian Labs discovered a serious vulnerability (CVE-2023-46747) in the products of application security expert F5. The American company’s solutions are designed to protect large networks and software environments; the software, which was launched in 1997 as a load balancer, is primarily used in large enterprises.
However, according to the experts, attackers can remotely execute code on the BIG-IP servers by adding arbitrary system commands to the administration tools via manipulated URLs. Details can be found at Praetorian; patches are available, and a long list of BIG-IP products of versions 13, 14, 15, 16, and 17 are affected, both in hardware and software.
We reacted quickly and integrated tests into our vulnerability scanners on the same day, which check BIG-IP installations for vulnerable versions in Greenbone Enterprise and, if necessary, point to the patches listed at F5.
Our vulnerability management products, the Greenbone Enterprise Appliances, offer the best protection.
Professional vulnerability management is an indispensable part of IT security. It enables the early detection of risks and provides valuable instructions for their elimination.
The Greenbone Enterprise Feed is updated daily to detect new vulnerabilities. We therefore recommend that you regularly update and scan all your systems. Please also read this article on IT security and the timeline of common attack vectors.
On November 2, Federal Minister of the Interior Nancy Faeser and Claudia Plattner, President of the Federal Office for Information Security (BSI), presented the latest report on the state of IT security in Germany. Attacks with ransomware represent the largest and most frequent risk, but by far not the only one. As long as these attacks cannot be completely prevented, systems must become more secure in order to prevent or at least reduce damage.
In Germany, there are a number of initiatives to improve vulnerability management. These include the National IT Security Act (IT-SiG) and the BSI’s IT-Grundschutz Compendium. The “nationwide situation picture” rightly called for by BSI President Claudia Plattner can thus map the threat situation to the situation of vulnerable systems, thereby helping to warn in advance and respond quickly and effectively in the specific event of an attack.
“Digitization makes many things in our everyday lives easier. At the same time, it creates new areas of attack,” says Federal Minister of the Interior Nancy Faeser. We need to counter the growing risks posed by progressive networking with automated tools and processes. By using them, companies and organizations can better protect their IT systems and reduce the probability of a successful cyber attack.
Insecure systems make it easier for attackers to cause damage. Improving vulnerability management is therefore an important step toward increasing IT security in Germany.
On October 10th, Citrix officially disclosed the vulnerability in its NetScaler software, CVE-2023-4966, which is categorized as “critical” according to CVSS with a score of 9.4 and allows unauthorized access to corporate networks.
Greenbone has reacted to these vulnerabilities and implemented vulnerability tests at an early stage. Greenbone customers using the Citrix Netscaler Gateway, or ADC, are therefore on the safe side.
Nevertheless, the vulnerability is serious, which is why the BSI issues an urgent warning:
“The vulnerability allows attackers to disclose sensitive information without authentication. This allows authenticated sessions to be hijacked and multifactor authentication (MFA) or other means of authentication to be bypassed”.
The vulnerability, which has been actively exploited since the end of August, has been reported in numerous media outlets. Users should install the patches provided by Citrix as soon as possible. Citrix’s NetScaler ADC and NetScaler Gateway products, versions 13 and 14, and versions 12 and 13 of NetScaler ADC are affected. In addition to CVE-2023-4966, an advisory has been issued for CVE-2023-4967, which allows a Denial of Service (DoS).
Keep your IT networks secure!
Vulnerability management is a key tool in securing IT networks. It enables you to identify and eliminate potential risks in your systems. The Greenbone Enterprise Feed is updated daily to detect new vulnerabilities. Therefore, we recommend regular updates and scans for all your systems. Please also read this article about IT security and the timeline of common attack vectors.
The Greenbone Enterprise Appliances are offered as hardware or as virtual appliances. Greenbone operates in a GDPR-compliant manner and offers an open-source solution. This means the best data protection compliance and is thus guaranteed to be completely free of backdoors.