CVEs
CISA Cites Modest Progress in Reducing CVEs
Nathan Eddy | | cisa, common vulnerabilities and exposures, CVEs, Cybersecurity, Vulnerability Management
CISA highlighted advancements related to two Cybersecurity Performance Goals (CPGs) it first introduced in October 2022 ...
Security Boulevard
CACTUS Qlik Ransomware: Vulnerabilities Exploited
Wajahat Raja | | Analytics Software, Arctic Wolf, BI Systems, BITS, CACTUS Qlik Ransomware, CVEs, Cyberattack Campaign, Cybersecurity, Cybersecurity News, Data Visualization, Double Extortion, Exploits, HTTP Tunneling, Incident Response, ManageEngine UMES, patching, path traversal, powershell, Qlik Sense, ransomware tactics, Rclone, RDP, Remote Code Execution, Security Vulnerabilities, Sophos Endpoint Security, threat actors, VPN Appliance Flaws, WizTree
A cyberattack campaign dubbed the CACTUS Qlik Ransomware has become prominent in ransomware attacks on BI systems. Researchers have warned of threat actors exploiting three Qlik security vulnerabilities to target different organizations ...
Microsoft Vulnerabilities Top CISA’s List of Ransomware-Linked CVEs
Microsoft products, including Windows and Exchange Server, are highly targeted, accounting for most CVEs used in ransomware attacks ...
Security Boulevard
Coalition Forecasts CVE Disclosure Spike in 2023
Michael Vizard | | 2023 predictions, breach disclosure, Coalition, CVEs, cyberinsurance, Vulnerabilities
Coalition, a provider of cyberinsurance, today published a report that predicted a 13% increase in the average number of vulnerabilities disclosed per month in 2023. The report estimated more than 1,900 additional ...
Security Boulevard
Report Surfaces Top Vulnerabilities of 2022
Rezilion, a vulnerability management platform provider, shared a list of the top vulnerabilities discovered in 2022. The report suggested that organizations should address these before the start of the New Year if ...
Security Boulevard
How to Comply With the US Government’s Strict Software Requirements
Curtis Kang | | cisa, CVE, CVEs, FEATURED, Known Exploited Vulnerabilities Catalog, U.S. government, Vulnerabilities, vulnerability intelligence, Vulnerability Management, Vulnerability Remediation
We break down H.R. 7900, a well-intentioned but perhaps unrealistic bill that requires companies working with the DoD to provide a software bill of materials (SBOM) and patch all known vulnerabilities. The ...
How to Comply With the DoD’s Newer and Stricter Software Requirements
Curtis Kang | | cisa, CVE, CVEs, FEATURED, Known Exploited Vulnerabilities Catalog, U.S. government, Vulnerabilities, vulnerability intelligence, Vulnerability Management, Vulnerability Remediation
We break down H.R. 7900, a well-intentioned but perhaps unrealistic bill that requires companies working with the DoD to provide a software bill of materials (SBOM) and patch all known vulnerabilities. The ...
CVE/NVD Failed to Report and Detail 27.3% of Vulnerabilities in 2022 H1
Curtis Kang | | Analyst Report, CVE, CVEs, Flashpoint Research, Vulnerabilities, Vulnerability Management, Vulnerability Remediation
Today, Flashpoint releases the State of Vulnerability Intelligence: 2022 Midyear Edition, a report designed to help organizations understand and properly contextualize the vulnerability landscape. The post CVE/NVD Failed to Report and Detail ...
Imperva Protects from New Spring Framework Zero-Day Vulnerabilities
Daniel Johnston | | Application Security, CVEs, Digest, runtime protection, WAF Gateway, Web Application Firewall
New zero-day Remote Code Execution (RCE) vulnerabilities were discovered in Spring Framework, an application development framework and inversion of control container for the Java platform. The vulnerability potentially leaves millions of applications ...