National Vulnerability Database

Sonatype Uncovers Millions of Previously Hidden Open Source Vulnerabilities Through Unique Shaded Vulnerability Detection System

Retrieved on: Thursday, May 2, 2024

Fulton, Md., May 02, 2024 (GLOBE NEWSWIRE) -- Sonatype, the software supply chain optimization company, today announced it has identified 336,000 previously undetectable, “Critical” open source vulnerabilities through a new, first-of-its-kind shaded vulnerability detection capability in the Sonatype platform, that revolutionizes the identification of hidden security threats within open source code.

Key Points: 
  • This industry-first data enhancement comes from a novel, Sonatype-created algorithm capable of detecting vulnerabilities in "shaded" open source files—a technique in which original code is repackaged, often making detection by traditional means impossible.
  • Our commitment is to provide the deepest, most comprehensive insights into open source vulnerabilities, coupled with the tools and automation necessary to boost developer productivity while minimizing security risks."
  • "While no one wants to see more vulnerabilities discovered in open source, sunshine is, as they say, the best disinfectant.

Vicarius Launches vstore and vacademy to Expand Thriving Vulnerability Research Community

Retrieved on: Wednesday, May 1, 2024

Additionally, with the upcoming release of vacademy, users will be able to earn vcoins by completing challenges or participating in CTFs.

Key Points: 
  • The platform has seen impressive growth with over 2,000 active members and a thriving Discord community.
  • With vacademy, participants can enroll in courses and participate in hands-on learning led by community instructors.
  • vstore will open its digital doors May 10, 2024 while vacademy will be launched in Q3 of this year.

VulnCheck Adds Common Platform Enumeration (CPE) Data to its NVD++ Service to Improve Vulnerability Prioritization

Retrieved on: Monday, March 25, 2024

VulnCheck, the exploit intelligence company, today announced it is enhancing its Community Tier service, NVD++, with Common Platform Enumeration (CPE) data currently missing from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD).

Key Points: 
  • By enriching NVD++ with CPE data, VulnCheck is helping solve an industry-wide issue, enabling defenders to identify vulnerable assets for newly published Common Vulnerabilities and Exposures (CVEs) in the NVD.
  • CPE data plays a crucial role in vulnerability management by providing a standardized method for identifying and documenting software applications, operating systems, and hardware components.
  • The source data VulnCheck used to produce “known vulnerable configurations” containing CPEs in NVD++ is the same used by NIST.

VulnCheck Introduces VulnCheck NVD++ as a Reliable, High-Performance Alternative to the NIST NVD 2.0 API

Retrieved on: Thursday, March 14, 2024

VulnCheck NVD++ is the latest addition, providing members with a stable, high-performance source of NVD 2.0 CVE data via API or downloadable JSON files, as well as the ability to access NVD 1.0, which is also maintained under VulnCheck NVD++.

Key Points: 
  • VulnCheck NVD++ solves these challenges with a reliable, persistent connection to our Community NVD 2.0 API that operates at machine speed.
  • In December 2023, VulnCheck announced its first Community resource: perpetual support and maintenance of the NIST NVD 1.0 API, ahead of the migration deadline.
  • VulnCheck NVD++ bundles the 2.0 API with the previously released 1.0 API, including downloadable JSON backup files for each, into a single resource.

DarkLight Introduces Game-Changing Risk Reanalysis Capability and Expands Application of Threat Intelligence and Enrichment Sources

Retrieved on: Wednesday, March 27, 2024

SEATTLE, March 27, 2024 /PRNewswire/ -- DarkLight, a leading provider of cutting-edge cybersecurity solutions, is proud to announce the daily, automatic application of the latest threat intelligence and enrichment sources into its flagship product, Cyio.

Key Points: 
  • Additionally, DarkLight introduced several new intelligence and enrichment sources to better inform the identification and prioritization of risk.
  • Through automatic application of cybersecurity tradecraft, and the recent integration with mail handlers, Cyio now accommodates the entire risk management lifecycle – from risk identification and prioritization to risk mitigation and remediation.
  • Soon, DarkLight will integrate MITRE ATT&CK and CVE to MITRE ATT&CK Mapping to unveil mitigation or workaround options alongside remediations.

BackBox Unveils Major Update to Network Vulnerability Manager, Enhancing CVE Mitigation and Risk Scoring

Retrieved on: Tuesday, March 26, 2024

DALLAS, March 26, 2024 /PRNewswire/ -- After releasing Network Vulnerability Manager (NVM) in Q4 2023, BackBox, a leader in security-centric automation for network teams, has announced a major platform feature update that gives customers the ability to mark irrelevant or already-mitigated Common Vulnerabilities and Exposures (CVEs) as "mitigated," helping network teams manage CVEs and their relevance to the organization.

Key Points: 
  • BackBox has also improved its User Interface (UI) to help network engineers manage mitigated CVEs and give them the flexibility to view their organization's risk posture either by CVE or by device.
  • "Our customers appreciate that we make network vulnerability management easy by empowering them to see their risk scores update in real-time through the CVE 'mitigated' feature and closed-loop remediation," said BackBox CEO Andrew Kahl.
  • BackBox launched Network Vulnerability Manager in October 2023 to integrate automated OS upgrades and network configuration management capabilities with network vulnerability management into common workflows.
  • NVM is purpose-built for network teams to easily discover vulnerabilities in their network, prioritize CVEs according to their unique risk profile, and automate remediation, no matter the network complexity.

63% of Known Vulnerabilities Tracked by CISA are on Healthcare Organization Networks, Claroty's Team82 Finds

Retrieved on: Tuesday, March 12, 2024

NEW YORK and ORLANDO, Fla., March 12, 2024 /PRNewswire/ -- Claroty, the cyber-physical systems (CPS) protection company, released today at the annual HIMSS24 conference a new report that uncovered concerning data about the security of medical devices connected to healthcare organization networks such as hospitals and clinics. The State of CPS Security Report: Healthcare 2023 discovered a staggering 63% of CISA-tracked Known Exploited Vulnerabilities (KEVs) on these networks, and that 23% of medical devices—including imaging devices, clinical IoT devices, and surgery devices—have at least one KEV.

Key Points: 
  • Vulnerabilities and implementation weaknesses frequently surface in Team82's research, and a direct line can be drawn to potentially negative patient outcomes in each of these cases.
  • "However, the increase in connectivity requires proper network architecture and an understanding of the exposure to attackers that it introduces.
  • Healthcare organizations and their security partners must develop policies and strategies that stress the need for resilient medical devices and systems that can withstand intrusions.
  • The State of CPS Security Report: Healthcare 2023 is a snapshot of healthcare cybersecurity trends, medical device vulnerabilities, and incidents observed and analyzed by Team82, Claroty's threat research team, and our data scientists.

VulnCheck Offers Vulnerability Management Continuity by Maintaining NIST NVD 1.0 After Migration Deadline

Retrieved on: Thursday, December 7, 2023

VulnCheck, the exploit intelligence company, today announced that it will provide and maintain the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) API 1.0 ahead of the December 15 migration deadline.

Key Points: 
  • Threat detection and response, vulnerability management, and other cybersecurity teams leverage NIST's NVD 1.0 APIs to pull data into scan engines to prioritize patching and remediation of vulnerabilities.
  • Announced in 2022, the NVD plans to retire its legacy data feeds and 1.0 APIs on December 15, 2023.
  • "Our goal is to ensure that all vulnerability management operations designed for NVD 1.0 will function as needed until teams are ready to make the jump."

Ivanti and Securin Inc. Unite Forces to Safeguard Customers Against Cyber Threats

Retrieved on: Thursday, November 9, 2023

Fueled by data from Securin’s Vulnerability Intelligence (VI), Ivanti Neurons for Vulnerability Knowledge Base provides authoritative, near-real-time vulnerability threat intelligence so security experts can expedite vulnerability assessments and prioritization.

Key Points: 
  • “Ivanti has long been a valued partner and we are thrilled to expand our partnership by providing Ivanti customers with more visibility into their potential cyber threats and exposures,” said Kiran Chinnagangannagari, Co-Founder and Chief Product & Technology Officer at Securin.
  • Ivanti Neurons for Vulnerability Knowledge Base arms security experts with authoritative and immediate vulnerability threat intelligence plus risk-based scoring of vulnerabilities based on real-world threat information.
  • At Ivanti we are always looking at ways to provide customers with the most comprehensive information on real-world threats and help them on their journey to continuous threat exposure management and risk-based vulnerability management.”

VicOne Wins 2023 AutoTech Breakthrough Award for EV ‘Overall Charging Station Innovation of the Year’ and CyberSecurity Breakthrough Award for ‘Intrusion Detection Solution of the Year’

Retrieved on: Tuesday, October 31, 2023

VicOne, an automotive cybersecurity solutions leader, today announced it has won the 2023 AutoTech Breakthrough Award for Electric Vehicles (EV) Overall Charging Station Innovation of the Year, and the 2023 CyberSecurity Breakthrough Award for Intrusion Detection Solution (IDS) of the Year in Unified Management.

Key Points: 
  • View the full release here: https://www.businesswire.com/news/home/20231031487510/en/
  • VicOne received the 2023 AutoTech Breakthrough Award for its electric vehicle supply equipment (EVSE) protection solution, including the xZETA vulnerability management system and intrusion detection and prevention system (IDPS).
  • For the CyberSecurity Breakthrough Award, VicOne was recognized for its xCarbon frictionless IDS/IPS, which provides secure automotive in-vehicle security and system reliability.