vulnerability management

NVD: NIST is working on longer-term solutions

CVE, Don't miss, Hot stuff, News, NIST, vulnerability management /

NVD: NIST is working on longer-term solutions 2024-04-03 at 13:17 By Zeljka Zorz The recent conspicuous faltering of the National Vulnerability Database (NVD) is “based on a variety of factors, including an increase in software and, therefore, vulnerabilities, as well as a change in interagency support,” says the U.S. National Institute of Standards and Technology […]

React to this headline:

Loading spinner

NVD: NIST is working on longer-term solutions Read More »

NIST’s NVD has encountered a problem

Chainguard, Don't miss, enterprise, Hot stuff, News, NIST, Qualys, Rapid7, vulnerability, vulnerability management /

NIST’s NVD has encountered a problem 2024-03-19 at 15:47 By Zeljka Zorz Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and it’s affecting vulnerability management efforts. What happened? Anyone who regularly uses the NVD as a source of information

React to this headline:

Loading spinner

NIST’s NVD has encountered a problem Read More »

How new and old security threats keep persisting

cybersecurity, Cymulate, data, News, report, survey, threats, vulnerability management /

How new and old security threats keep persisting 2024-03-08 at 08:00 By Help Net Security Security leaders recognize that the pattern of buying new tech and the frantic state of find-fix vulnerability management is not working, according to Cymulate. Security leaders take proactive approach to cybersecurity Rather than waiting for the next big cyberattack and

React to this headline:

Loading spinner

How new and old security threats keep persisting Read More »

Preparing for the NIS2 Directive

Compliance, cyber hygiene, cybersecurity, Don't miss, EU, Hot stuff, strategy, supply chain, Telstra Purple, Video, vulnerability management /

Preparing for the NIS2 Directive 2024-02-28 at 08:01 By Help Net Security The EU’s NIS Directive (Directive on security of network and information systems) was established to create a higher level of cybersecurity and resilience within organizations across the member states. It was updated in January 2023 to bring more organizations into scope. Companies –

React to this headline:

Loading spinner

Preparing for the NIS2 Directive Read More »

CVE count set to rise by 25% in 2024

Coalition, CVE, cybersecurity, exploit, News, patching, RDP, report, vulnerability management /

CVE count set to rise by 25% in 2024 2024-02-26 at 07:00 By Help Net Security The report from Coalition indicates an anticipated 25% rise in the total count of published common vulnerabilities and exposures (CVEs) for 2024, reaching 34,888 vulnerabilities, equivalent to approximately 2,900 per month. Sharp CVE increase heightens software vulnerability concerns Vulnerabilities

React to this headline:

Loading spinner

CVE count set to rise by 25% in 2024 Read More »

Does CVSS 4.0 solve the exploitability problem?

CVSS, cybersecurity, Don't miss, Expert analysis, Hot stuff, IBS Software, News, opinion, vulnerability management /

Does CVSS 4.0 solve the exploitability problem? 2024-01-31 at 08:03 By Help Net Security The newest version of the vulnerability scoring system CVSS 4.0 is here! After a lengthy gap between version 3 (released in 2015), as of November 2023 version 4.0 is officially live. Building iteratively on version 3 there are a few differences

React to this headline:

Loading spinner

Does CVSS 4.0 solve the exploitability problem? Read More »

The effect of omission bias on vulnerability management

cyber resilience, cybersecurity, data, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, patching, remediation, trackd, vulnerability management /

The effect of omission bias on vulnerability management 2024-01-24 at 08:31 By Help Net Security Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the omission bias, which has interesting ramifications in the world of cyber security, specifically vulnerability management.

React to this headline:

Loading spinner

The effect of omission bias on vulnerability management Read More »

Creating a formula for effective vulnerability prioritization

Compliance, CVE, CVSS, cybersecurity, Don't miss, Features, framework, Hot stuff, Morphisec, News, opinion, vulnerability management /

Creating a formula for effective vulnerability prioritization 18/12/2023 at 08:01 By Mirko Zorz In this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. Gorelik discusses challenges posed by regulatory frameworks, incomplete asset inventories, and manual methods, while also exploring the role

React to this headline:

Loading spinner

Creating a formula for effective vulnerability prioritization Read More »

Kubescape open-source project adds Vulnerability Exploitability eXchange (VEX) support

ARMO, GitHub, Industry news, open source, scanning, vulnerability management /

Kubescape open-source project adds Vulnerability Exploitability eXchange (VEX) support 11/12/2023 at 11:02 By Help Net Security With its innovative feature for generating reliable Vulnerability Exploitability eXchange (VEX) documents, Kubescape became the first open-source project to provide this functionality. This advancement offers security practitioners a powerful tool to effectively prioritize and address software vulnerabilities. What is

React to this headline:

Loading spinner

Kubescape open-source project adds Vulnerability Exploitability eXchange (VEX) support Read More »

Organizations rethink cybersecurity investments to meet NIS Directive requirements

cybersecurity, ENISA, EU, investment, News, report, skill development, survey, vulnerability management /

Organizations rethink cybersecurity investments to meet NIS Directive requirements 22/11/2023 at 07:07 By Help Net Security Despite a 25% increase of the cost of major cyber incidents in 2022 compared to 2021, the new report on cybersecurity investment from ENISA reveals a slight increase of 0,4% of IT budget dedicated to cybersecurity by EU operators

React to this headline:

Loading spinner

Organizations rethink cybersecurity investments to meet NIS Directive requirements Read More »

Mainframes are around to stay, it’s time to protect them

Compliance, cybersecurity, data, DevOps, mainframe security, News, open source, report, Rocket Software, survey, vulnerability management /

Mainframes are around to stay, it’s time to protect them 01/11/2023 at 07:31 By Help Net Security While many organizations run their core business applications on the mainframe, IT leaders lack confidence in the effectiveness of their mainframe security compliance, signaling a need for more robust security practices, according to Rocket Software. For decades, mainframe

React to this headline:

Loading spinner

Mainframes are around to stay, it’s time to protect them Read More »

Vulnerability management metrics: How to measure success

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Intruder, opinion, threats, vulnerability management /

Vulnerability management metrics: How to measure success 31/10/2023 at 07:32 By Help Net Security Without the right metrics, vulnerability management is pretty pointless. If you’re not measuring, how do you know it’s working? So how do you know what to focus on? The list is potentially endless, and it can be hard to know what’s

React to this headline:

Loading spinner

Vulnerability management metrics: How to measure success Read More »

Scaling rapidly? Your application security strategies need to keep up

Application Security, Compliance, cybersecurity, ESG, Mend, News, remediation, report, strategy, survey, vulnerability management /

Scaling rapidly? Your application security strategies need to keep up 23/10/2023 at 07:01 By Help Net Security Modern application security strategies must support and enable modern software development, even as it rapidly scales, according to Mend.io. Just 52% of companies can effectively remediate critical vulnerabilities and only 41% are confident they can manage the security

React to this headline:

Loading spinner

Scaling rapidly? Your application security strategies need to keep up Read More »

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)

1Password, Alpine, Chrome, containers, Debian, Don't miss, Firefox, Google, Hot stuff, LibreOffice, Linux, macOS, Microsoft Teams, News, Opera, patch, patching, Rezilion, runZero, Signal, Slack, SUSE, Telegram, Ubuntu, Vivaldi, vulnerability, vulnerability management /

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) 27/09/2023 at 14:46 By Zeljka Zorz The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library,

React to this headline:

Loading spinner

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) Read More »

Balancing budget and system security: Approaches to risk tolerance

Axonius, cyber risk, cybersecurity, data breach, data security, Don't miss, Expert analysis, Expert corner, Hot stuff, opinion, Risk Management, vulnerability management /

Balancing budget and system security: Approaches to risk tolerance 19/09/2023 at 08:16 By Help Net Security Data breaches are a dime a dozen. Although it’s easy to look at that statement negatively, the positive viewpoint is that, as a result, cybersecurity professionals have plenty of learning moments. Learning what went wrong and why can be

React to this headline:

Loading spinner

Balancing budget and system security: Approaches to risk tolerance Read More »

LibreOffice: Stability, security, and continued development

cyber resilience, Don't miss, EU, Features, Hot stuff, legislation, LibreOffice, News, open source, product development, vulnerability management /

LibreOffice: Stability, security, and continued development 07/09/2023 at 08:31 By Zeljka Zorz LibreOffice, the most widely used open-source office productivity suite, has plenty to recommend it: it’s feature-rich, user-friendly, well-documented, reliable, has an active community of developers working on improving it, and it’s free. The suite includes Writer (word processor), Calc (a spreadsheet app), Impress

React to this headline:

Loading spinner

LibreOffice: Stability, security, and continued development Read More »

Relying on CVSS alone is risky for vulnerability management

CVSS, News, report, Rezilion, survey, vulnerability management /

Relying on CVSS alone is risky for vulnerability management 31/07/2023 at 07:05 By Help Net Security A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion. In fact, relying solely on a CVSS severity score to assess the risk of individual vulnerabilities was

React to this headline:

Loading spinner

Relying on CVSS alone is risky for vulnerability management Read More »

A step-by-step guide for patching software vulnerabilities

CVSS, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, patching, Syxsense, vulnerability management /

A step-by-step guide for patching software vulnerabilities 27/07/2023 at 07:34 By Help Net Security Coalition’s recent Cyber Threat Index 2023 predicts the average Common Vulnerabilities and Exposures (CVEs) rate will rise by 13% over 2022 to more than 1,900 per month in 2023. As thousands of patches and updates are released each month, organizations struggle

React to this headline:

Loading spinner

A step-by-step guide for patching software vulnerabilities Read More »

Generative AI outperforms hackers but not their creativity

Artificial Intelligence, Bugcrowd, cybersecurity, generative AI, hacker, hacking, News, report, vulnerability, vulnerability management /

Generative AI outperforms hackers but not their creativity 14/07/2023 at 08:02 By Help Net Security 72% of hackers are confident that AI cannot replace human creativity in security research and vulnerability management, according to Bugcrowd. Generative AI hacking Generative AI was a major theme in the 2023 report, with 55% of respondents saying that it

React to this headline:

Loading spinner

Generative AI outperforms hackers but not their creativity Read More »

Inadequate tools leave AppSec fighting an uphill battle for cloud security

Application Security, Backslash Security, cloud security, cybersecurity, News, report, vulnerability management /

Inadequate tools leave AppSec fighting an uphill battle for cloud security 19/05/2023 at 06:32 By Help Net Security AppSec teams are stuck in a catch-up cycle, unable to keep up with the increasingly rapid, agile dev pace, and playing security defense via an endless and unproductive vulnerability chase, according to Backslash Security. Costly ‘defensive tax’

React to this headline:

Loading spinner

Inadequate tools leave AppSec fighting an uphill battle for cloud security Read More »

Scroll to Top