CVE Disruption Threatens Foundations of Defensive Security
If the Common Vulnerabilities and Exposures system continues to face uncertainty, the repercussions will build slowly, and eventually the cracks will become harder to contain.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
If the Common Vulnerabilities and Exposures system continues to face uncertainty, the repercussions will build slowly, and eventually the cracks will become harder to contain.
If the Common Vulnerabilities and Exposures system continues to face uncertainty, the repercussions will build slowly, and eventually the cracks will become harder to contain.
Despite Last-Minute Reprieve, Fresh Approach and Ownership Required, and SoonThis week's near-disruption in funding for the Mitre-administered Common Vulnerabilities and Exposures Program shows that the U.S. government no longer wants to be footing the tab. Many experts say this is an opportunity to redesign the CVE Program to be more neutral, sustainable and international.
Board Members Announce Launch of 'CVE Foundation' to Secure Program's FutureWarnings are being sounded over the risk to global cybersecurity posed by the imminent disruption or management shutdown of the Common Vulnerabilities and Exposures program. A fix could be forthcoming in the form of a new, stand-alone foundation, although its details and funding remain unclear.
Board Members Announce Launch of 'CVE Foundation' to Secure Program's FutureWarnings are being sounded over the risk to global cybersecurity posed by the imminent disruption or management shutdown of the Common Vulnerabilities and Exposures program. A fix could be forthcoming in the form of a new, stand-alone foundation, although its details and funding remain unclear.
MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry. [...]
Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness: the lack of mandatory authentication procedures between base stations and packet-cores.
Vulnerability data has stopped being added to the most widely used software vulnerability database for over a month, putting organizations at risk – and nobody knows why
Thanks to a 24-year-old security vulnerability tracked as CVE-2023-50387, attackers could stall DNS servers with just a single malicious packet, effectively taking out wide swaths of the Internet.