This is the last of the four blogs (Help, I can’t see! A Primer for Attack Surface Management Blog Series, The Main Components of an Attack Surface Management (ASM) Strategy, and Understanding your Attack Surface: Different Approaches to Asset Discovery) covering the foundational elements of Attack Surface Management (ASM), and this topic covers one of the main drivers for ASM and why companies are investing in it, the context it delivers to inform better security decision making.
Read more…
Source: Rapid7
Related:
- UK unveiled new cyber action plan to tackle threats and strengthen public services
January 6, 2026
New measures will be introduced to make online public services more secure and resilient, so people can use them with confidence – whether applying for benefits, paying taxes or accessing healthcare. Backed by over £210 million, the Government Cyber Action Plan published today (Tuesday 6 January) sets out how government will rise to meet the growing ...
- Business continuity isn’t keeping pace with cyber threats, warns Sedgwick CISO
January 2, 2026
Business continuity plans are lagging behind the speed and complexity of modern cyberattacks, according to Eric Schmitt (pictured), chief information security officer at Sedgwick. “In most cases, it is not,” Schmitt said, when asked whether current business continuity frameworks are adapting to today’s cyber threat environment. He drew a sharp line between business continuity and disaster ...
- Threat landscape for industrial automation systems in Q3 2025
December 25, 2025
In Q3 2025, the percentage of ICS computers on which malicious objects were blocked decreased from the previous quarter by 0.4 pp to 20.1%. This is the lowest level for the observed period. Regionally, the percentage of ICS computers on which malicious objects were blocked ranged from 9.2% in Northern Europe to 27.4% in Africa. The most ...
- Cisco email security products actively targeted in zero-day campaign
December 19, 2025
A China-affiliated threat actor has been abusing a zero-day vulnerability in multiple Cisco email appliances to gain access to the underlying system and establish persistence. Cisco confirmed the news in a blog post and a security advisory, urging users to apply provided recommendations and harden their networks. In its announcement, Cisco said it first spotted the ...
- South Korea to mandate facial recognition for opening new mobile numbers
December 19, 2025
Korea will make it mandatory for people to undergo facial recognition when opening a new mobile phone number, as part of efforts to root out illegally registered handsets used for scams, the science ministry said Friday. Under the plan, Korea will require the country’s three mobile carriers, SK Telecom Co., KT Corp. and LG Uplus Inc., ...
- CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView
December 19, 2025
On December 17, 2025, Hewlett Packard Enterprise (HPE) published an advisory for CVE-2025-37164, a CVSS 10.0 vulnerability in HPE OneView. The vulnerability, which was reported to HPE by security researcher Nguyen Quoc Khanh, facilitates unauthenticated remote code execution (RCE) on versions of HPE OneView before 11.0. Defenders are advised to prioritize upgrading to version 11.0 ...