NetRise

Most organizations are still struggling to inventory all the software applications, operating systems, and firmware running in their environments. Without this foundational step, true visibility into risks remains out of reach.   At NetRise, we’re tackling this head-on by breaking down software artifacts—applications, OS, firmware—into their core components. This approach unveils an entire new set of data points that have always existed but were previously inaccessible at scale.   The risks we uncover go beyond traditional CVEs. We’re talking about issues like hardcoded credentials, compromised certificates, and misconfigurations that could expose your enterprise to significant threats.   In our recent Supply Chain Visibility & Risk Study, we highlighted the risks hidden in routers, switches, and more—risks far greater than what’s found in most vulnerability databases.   The time for comprehensive software visibility is now. Are you ready to see what’s really lurking in your environment?   #Cybersecurity #SoftwareVisibility #SupplyChainSecurity #EnterpriseRisk #NetRise #SBOM #SCRM

🔒 New Advisory: Iranian Hackers Target Critical Infrastructure A year-long campaign by Iran-backed hackers has been targeting critical infrastructure sectors, including healthcare, government, IT, and energy, using brute force attacks, password spraying, and MFA push bombing. Key findings from the joint advisory (US, Australia, and Canada): • Hackers used brute force techniques to access Microsoft 365, Azure, and Citrix systems. • MFA fatigue attacks flooded users with requests until they unknowingly approved. • Attackers exploited remote access protocols like RDP and Kerberos to escalate privileges and move laterally across networks. 🔍 Detection & Mitigation Tips: • Monitor for suspicious logins, "impossible travel" between IPs, and unusual user agent strings. • Implement phishing-resistant MFA, secure password management, and ensure cybersecurity training is in place. • Stay ahead of evolving threats by reviewing the latest joint advisory recommendations. 🔗 Click the link below for more information. #CybersecurityAwarenessMonth #Cybersecurity #CriticalInfrastructure #MFA #ThreatDetection #SCRM #NetRise #RiskManagement #SoftwareSupplyChain #SoftwareSupplyChainSecurity

🚨 Upcoming Webinar: Software Transparency, SBOM, and Patching Best Practices On October 24 at 12 PM EDT, join NetRise and Action1 for a comprehensive webinar on how to connect SBOM transparency with effective vulnerability remediation. 💡 What you'll learn: • How to bridge the gap between SBOMs and vulnerability management. • Techniques for uncovering hidden software components and vulnerabilities. • Best practices for achieving complete visibility in patching efforts. Speakers: • Thomas Pace Pace, CEO & Co-Founder of NetRise • Mike Walters Walters, President & Co-Founder of Action1 🔗 Save your spot via the link below and participate in a live Q&A to get your pressing questions answered. #Cybersecurity #SBOM #SoftwareSupplyChain #SCRM #SoftWareSupplyChainDetectionAndResponse #VulnerabilityManagement #PatchManagement #NetRise #Action1 #RiskMitigation #DevSecOps

🚨 CISA Releases Updated Guidance on Software Bill of Materials (SBOM) 🚨 The Cybersecurity and Infrastructure Security Agency (CISA) has just published the latest edition of the Framing Software Component Transparency document, created by the SBOM Tooling & Implementation Working Group. This update provides a comprehensive framework for understanding and implementing SBOM, helping organizations achieve greater visibility into the software components they rely on. With supply chain security risks at an all-time high, the adoption of SBOM is becoming more critical than ever. Whether you're involved in software development, procurement, or cybersecurity, this resource is a must-read for staying ahead of potential vulnerabilities in your software supply chain. 🔗 Check out CISA’s full release below. #CybersecurityAwarenessMonth #Cybersecurity #SupplyChainDetectionandResponse #SoftwareSupplyChainSecurity #SoftwareSupplyChain #Procurement #NetRise #RiskManagement #TrustButVerify #SBOM #SupplyChainSecurity #CISA #DevSecOps #Cyber #VulnerabilityManagement #ICS #CriticalInfrastructure

🚨 The Growing Threat of Software Supply Chain Attacks As cyber attackers become more sophisticated, they're increasingly targeting the software supply chain—posing significant risks to enterprises worldwide. By compromising just one software supplier, attackers can breach multiple organizations, causing widespread disruption. In a recent article, NetRise CEO Thomas Pace Pace explores why these attacks are escalating and what organizations can do to protect themselves. 🔑 Key insights: • The increased use of third-party and open-source software has significantly expanded the attack surface. • A lack of visibility into software components leaves organizations vulnerable. Implementing SBOMs and automated software risk analysis is crucial for proactive defense. 💡 It’s time to move beyond network-based scanning and gain full visibility into your software. 🔗 Read the full article below: #CybersecurityAwarenessMonth #Cybersecurity #SupplyChainDetectionandResponse #SupplyChainSecurity #SoftwareSupplyChain #Procurement #NetRise #RiskManagement #TrustButVerify #VulnerabilityManagement #XIoT #SBOM #SCRM #Firmware #Infosec #DevSecOps #CyberAttack #ICS #IoTSecurity #ReverseEngineering #SupplyChainRisk #CriticalInfrastructure #ThreatHunting

🛡️ Trust, But Verify – Are You Evaluating Software Security in Your Procurement Process? As we focus on building a safer digital world during Cybersecurity Awareness Month, it’s a great time to rethink how we approach software security year-round. Would you trust a car that hadn’t been crash tested or a new drug without FDA approval? Of course not. So why trust software without verifying its security? 🔍 The stakes are high: 61% of companies faced a software supply chain attack in the past year (Capterra). There can be up to a 300% difference in risk levels between similar software products from different vendors (NetRise). Let’s move beyond blind trust—verify. Incorporating detailed software analysis into your procurement process ensures you’re making informed, secure choices and protecting your organization against evolving threats. 🔗 Read the Full Blog Post Below: #CybersecurityAwarenessMonth #Cybersecurity #SupplyChainDetectionandResponse #SupplyChainSecurity #SoftwareSupplyChain #Procurement #NetRise #RiskManagement #TrustButVerify #VulnerabilityManagement #XIoT #SBOM #SCRM #Firmware #Infosec #DevSecOps #CyberAttack #ICS #IoTSecurity #ReverseEngineering #SupplyChainRisk #CriticalInfrastructure #ThreatHunting

📢 Cyberattack Disrupts American Water's Online Systems On October 3rd, American Water—the largest publicly traded water utility in the US—experienced a cyberattack that led to significant network disruptions. The incident prompted the company to disconnect some of its systems, including online services and telecommunications. While the water supply and wastewater operations are reportedly unaffected, this incident highlights the increasing cybersecurity risks facing critical infrastructure providers. With over 14 million customers relying on their services, the impact of such attacks extends far beyond financial losses, emphasizing the importance of securing our most vital resources. Learn more about the incident and its implications below. #CyberSecurity #XIoT #NetRise #VulnerabilityManagement #CriticalInfrastructure #SupplyChainSecurity #SupplyChainDetectionAndResponse #SoftwareSupplyChain #RiskManagement #SBOM #SCRM #NationalSecurity #InformationSecurity #Hacking

🚨 New Threat Alert: GorillaBot DDoS Surge A new variant of the Mirai botnet, dubbed GorillaBot, has launched over 300,000 #DDoS attacks globally, targeting nearly 4,000 organizations in the US alone. This surge highlights the ongoing risk posed by unsecured IoT and connected devices. With its ability to execute multiple attack methods—including UDP floods and TCP ACK Bypass attacks—GorillaBot is a reminder that IoT devices, from small business routers to critical infrastructure, remain a primary target for cyber adversaries. Patches are now available to mitigate these threats. Be sure to apply them and review your security configurations to keep your systems safe. Lean more in the article linked below. #CyberSecurity #DDoS #XIoT #NetRise #VulnerabilityManagement #IoT #ThreatIntelligence #IoTSecurity #RiskManagement #CriticalInfrastructure #SBOM #SCRM #SupplyChainRiskManagement #SupplyChainDetectionAndResponse #GorillaBot

🚨 New Critical Vulnerabilities in DrayTek Routers Expose Thousands of Devices Recent reports have revealed 14 vulnerabilities affecting DrayTek routers, including critical flaws like remote code execution (#RCE) and denial-of-service (#DoS). With over 700,000 Internet-exposed routers at risk—many used in business and government settings—this discovery highlights the urgency of addressing these risks. Patches have been released to address these vulnerabilities. Apply them as soon as possible to safeguard your network. #CyberSecurity #VulnerabilityManagement #CriticalInfrastructure #SupplyChainSecurity #NetRise #RiskManagement #CVE #SBOM #SCRM #SupplyChainDetectionAndResponse #CyberSecurityAwarenessMonth

Exciting to see MITRE launching the AI Incident Sharing Initiative, a collaboration with key industry players to enhance defenses for AI-enabled systems. Sharing real-world AI incidents and expanding the MITRE ATLAS knowledge base is a big step forward in improving collective security. Learn more about how this initiative is helping to safeguard the future of AI and technology: #CyberSecurity #AI #ThreatIntelligence #RiskManagement #Collaboration #EmergingTech #NetRise #VulnerabilityManagement #SupplyChainSecurity #SupplyChainDetectionAndResponse #SoftwareSupplyChain #RiskManagement #SBOM #SCRM