vulns

The Journey to 300,000 Vulnerabilities: The Good, The Bad, and The Bizarre
Our VulnDB team reached a tremendous milestone in our pursuit of best-in-class vulnerability intelligence: aggregating our 300,000th vulnerability disclosure.

Hackers Are Still Exploiting Log4Shell Vulnerability, Warns CISA
Yesterday, CISA and US Coast Guard Cyber Command (CGCYBER) warned that nation-state hackers are still exploiting Log4Shell (CVE-2021-44228), specifically targeting unpatched, internet-facing VMware Horizon and Unified Access Gateway servers.

Patch Tuesday Isn’t Ending. Here’s What Microsoft is Saying
According to Microsoft, Patch Tuesday will continue in July 2022 and the foreseeable future. Unfortunately, several prominent media outlets have misinterpreted this, writing rhetorically-charged titles that have created confusion within the security ...

China is Exploiting Network Providers and Devices, Says US Cybersecurity Advisory
On June 7, the US Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) released an advisory outlining the different tactics, techniques, and procedures (TTPs), ...

The Practitioner’s Guide to Vulnerability Management: Implementing a Risk-Based Approach
A scalable, high-quality vulnerability management program (VMP) accounts for volatility and exploitability by first focusing on issues that affect critical assets, rather than attempting to patch top-down.

CISA Adds Five ‘New’ Exploits to KEV Catalog, Including 2014’s Heartbleed Vulnerability
On May 4, 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added five “new” vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog. Three of the entries were originally disclosed in 2014, including ...

CISA’s Joint Cybersecurity Advisory: Protecting Your Organization From Vulnerabilities – and 29,000 Other Known Exploits
Some of the world’s leading cybersecurity authorities banded together to co-author the Joint Cybersecurity Advisory: 2021 Top Routinely Exploited Vulnerabilities, where they provided details on CVE vulnerabilities that have been routinely exploited ...

1,701 New Vulnerabilities: Vulnerability Intelligence Infographic, March 2022: Key Trends and Analysis
According to Risk Based Security, a Flashpoint company, 1,701 new vulnerabilities were disclosed last month, with 22 percent (382) of them missed by CVE/NVD. Here are some things you should know about ...