Hand CVE Over to the Private Sector
How MITRE has mismanaged the world's vulnerability database for decades and wasted millions along the way.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
How MITRE has mismanaged the world's vulnerability database for decades and wasted millions along the way.
The EU cyber agency ENISA has launched its vulnerability database, the EUVD; security experts shared their thoughts regarding what this means for CVEs, as well as the larger conversation around how bugs are tracked.
The changes will go into effect over the next several days to reflect which CVEs are being prioritized in the National Vulnerability Database (NVD).
A research tool by the company found a vulnerability in the SQLite open source database, demonstrating the "defensive potential" for using LLMs to find vulnerabilities in applications before they're publicly released.
The AI Incident Reporting and Security Enhancement Act would allow NIST to create a process for reporting and tracking vulnerabilities found in AI systems.
So far, the threat actor has compromised at least five organizations using CVE-2024-39717; CISA has added bug to its Known Exploited Vulnerability database.
Despite getting help, NIST is not keeping up with new vulnerability reports for the National Vulnerabilities Database, according to an analysis from Fortress Information Security.
Since its inception, three key factors have affected the NVD's ability to classify security concerns — and what we're experiencing now is the result.
The National Vulnerability Database can't keep up, and the agency is calling for a public-private partnership to manage it going forward.
Attackers can exploit the issue to access all data in Cacti database; and, it enables RCE when chained with a previous vulnerability.
Vulnerable MS-SQL database servers have external connections and weak account credentials, researchers warn.
Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says.
These specialized database servers, which collect and archive information on device operation, often connect IT and OT networks.
These specialized database servers, which collect and archive information on device operation, often connect IT and OT networks.
OSV-Scanner generates a list of dependencies in a project and checks the OSV database for known vulnerabilities, Google says.
Web application firewalls from AWS, Cloudflare, F5, Imperva, and Palo Alto Networks are vulnerable to a database attack using the popular JavaScript Object Notation (JSON) format.
Reports to the National Vulnerability Database jumped in 2022, but we should pay just as much attention to the flaws that are not being reported to NVD, including those affecting the software supply chain.
Researchers have created a new community website for reporting and tracking security issues in cloud platforms and services — plus fixes for them where available.