NVD

Sonatype Uncovers Millions of Previously Hidden Open Source Vulnerabilities Through Unique Shaded Vulnerability Detection System

Retrieved on: Thursday, May 2, 2024

Fulton, Md., May 02, 2024 (GLOBE NEWSWIRE) -- Sonatype, the software supply chain optimization company, today announced it has identified 336,000 previously undetectable, “Critical” open source vulnerabilities through a new, first-of-its-kind shaded vulnerability detection capability in the Sonatype platform that revolutionizes the identification of hidden security threats within open source code.

Key Points: 
  • This industry-first data enhancement comes from a novel, Sonatype-created algorithm capable of detecting vulnerabilities in "shaded" open source files—a technique in which original code is repackaged, often making detection by traditional means impossible.
  • Our commitment is to provide the deepest, most comprehensive insights into open source vulnerabilities, coupled with the tools and automation necessary to boost developer productivity while minimizing security risks."
  • "While no one wants to see more vulnerabilities discovered in open source, sunshine is, as they say, the best disinfectant.

Vicarius Launches vstore and vacademy to Expand Thriving Vulnerability Research Community

Retrieved on: Wednesday, May 1, 2024

Additionally, with the upcoming release of vacademy, users will be able to earn vcoins by completing challenges or participating in CTFs.

Key Points: 
  • The platform has seen impressive growth with over 2,000 active members and a thriving Discord community.
  • With vacademy, participants can enroll in courses and participate in hands-on learning led by community instructors.
  • vstore will open its digital doors May 10, 2024 while vacademy will be launched in Q3 of this year.

Horizon3.ai Unveils Rapid Response Service for Cyber Resilience

Retrieved on: Tuesday, April 30, 2024

Horizon3.ai, a pioneer in autonomous security solutions, today announced the launch of its Rapid Response service, now part of the NodeZero™ platform.

Key Points: 
  • NodeZero addresses this issue with its Rapid Response service, which is specifically tailored to manage many of the most critical vulnerabilities more effectively.
  • The Rapid Response service doesn't just focus on vulnerabilities; it zeroes in on the exploitability of known issues in production environments.
  • Horizon3.ai's Rapid Response service is a groundbreaking step forward in the field of cybersecurity, offering organizations an unprecedented level of preparedness against cyber threats.

Azul Intelligence Cloud Boosts DevOps Efficiency with Insights from Production Runtime Data Across Entire Java Estates

Retrieved on: Tuesday, April 30, 2024

Azul, the only company 100% focused on Java, today announced that Azul Intelligence Cloud, Azul’s cloud analytics solution which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity, now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.

Key Points: 
  • This has significantly sped up our development cycles,” said an Azul Intelligence Cloud user from a leading fintech trading firm.
  • Enables DevOps to understand what code is used in production and helps identify unused and dead code for removal (i.e.
  • No Performance Impact in Production: Azul Intelligence Cloud efficiently captures Java runtime data that exists within a JVM when running a Java application, resulting in no performance impact, something not possible using traditional security or profiling tools.

VulnCheck Closes $7.95 Million in Seed Funding to Accelerate Momentum Amid Growing Demand for its Next-Generation Exploit Intelligence Solutions

Retrieved on: Friday, April 19, 2024

VulnCheck, the exploit intelligence company, today announced the final close of its seed funding round at a total of $7.95 million, with $4.75 million in new funding.

Key Points: 
  • The news comes shortly after VulnCheck was named a finalist for the RSA Conference 2024 Innovation Sandbox contest.
  • “Since launching, we’ve seen demand for VulnCheck’s intelligence services skyrocket,” said Anthony Bettini, founder and CEO at VulnCheck.
  • VulnCheck Known Exploited Vulnerabilities catalog, a database delivering advanced intelligence on vulnerabilities being actively exploited in the wild.

VulnCheck Adds Common Platform Enumeration (CPE) Data to its NVD++ Service to Improve Vulnerability Prioritization

Retrieved on: Monday, March 25, 2024

VulnCheck, the exploit intelligence company, today announced it is enhancing its Community Tier service, NVD++, with Common Platform Enumeration (CPE) data currently missing from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD).

Key Points: 
  • By enriching NVD++ with CPE data, VulnCheck is helping solve an industry-wide issue, enabling defenders to identify vulnerable assets for newly published Common Vulnerabilities and Exposures (CVEs) in the NVD.
  • CPE data plays a crucial role in vulnerability management by providing a standardized method for identifying and documenting software applications, operating systems, and hardware components.
  • The source data VulnCheck used to produce “known vulnerable configurations” containing CPEs in NVD++ is the same used by NIST.

VulnCheck Introduces VulnCheck NVD++ as a Reliable, High-Performance Alternative to the NIST NVD 2.0 API

Retrieved on: Thursday, March 14, 2024

VulnCheck NVD++ is the latest addition, providing members with a stable, high-performance source of NVD 2.0 CVE data via API or downloadable JSON files, as well as the ability to access NVD 1.0, which is also maintained under VulnCheck NVD++.

Key Points: 
  • VulnCheck NVD++ solves these challenges with a reliable, persistent connection to our Community NVD 2.0 API that operates at machine speed.
  • In December 2023, VulnCheck announced its first Community resource: perpetual support and maintenance of the NIST NVD 1.0 API, ahead of the migration deadline.
  • VulnCheck NVD++ bundles the 2.0 API with the previously released 1.0 API, including downloadable JSON backup files for each, into a single resource.

BackBox Unveils Major Update to Network Vulnerability Manager, Enhancing CVE Mitigation and Risk Scoring

Retrieved on: Tuesday, March 26, 2024

DALLAS, March 26, 2024 /PRNewswire/ -- After releasing Network Vulnerability Manager (NVM) in Q4 2023, BackBox, a leader in security-centric automation for network teams, has announced a major platform feature update that gives customers the ability to mark irrelevant or already-mitigated Common Vulnerabilities and Exposures (CVEs) as "mitigated," helping network teams manage CVEs and their relevance to the organization.

Key Points: 
  • BackBox has also improved its User Interface (UI) to help network engineers manage mitigated CVEs and give them the flexibility to view their organization's risk posture either by CVE or by device.
  • "Our customers appreciate that we make network vulnerability management easy by empowering them to see their risk scores update in real-time through the CVE 'mitigated' feature and closed-loop remediation," said BackBox CEO Andrew Kahl.
  • BackBox launched Network Vulnerability Manager in October 2023 to integrate automated OS upgrades and network configuration management capabilities with network vulnerability management into common workflows.
  • NVM is purpose-built for network teams to easily discover vulnerabilities in their network, prioritize CVEs according to their unique risk profile, and automate remediation, no matter the network complexity.

63% of Known Vulnerabilities Tracked by CISA are on Healthcare Organization Networks, Claroty's Team82 Finds

Retrieved on: Tuesday, March 12, 2024

NEW YORK and ORLANDO, Fla., March 12, 2024 /PRNewswire/ -- Claroty, the cyber-physical systems (CPS) protection company, released today at the annual HIMSS24 conference a new report that uncovered concerning data about the security of medical devices connected to healthcare organization networks such as hospitals and clinics. The State of CPS Security Report: Healthcare 2023 discovered a staggering 63% of CISA-tracked Known Exploited Vulnerabilities (KEVs) on these networks, and that 23% of medical devices—including imaging devices, clinical IoT devices, and surgery devices—have at least one KEV.

Key Points: 
  • Vulnerabilities and implementation weaknesses frequently surface in Team82's research, and a direct line can be drawn to potentially negative patient outcomes in each of these cases.
  • "However, the increase in connectivity requires proper network architecture and an understanding of the exposure to attackers that it introduces.
  • Healthcare organizations and their security partners must develop policies and strategies that stress the need for resilient medical devices and systems that can withstand intrusions.
  • The State of CPS Security Report: Healthcare 2023 is a snapshot of healthcare cybersecurity trends, medical device vulnerabilities, and incidents observed and analyzed by Team82, Claroty's threat research team, and our data scientists.

VulnCheck Launches Catalog of Known Exploited Vulnerabilities Fused with Exploit Intelligence

Retrieved on: Tuesday, February 27, 2024

VulnCheck, the exploit intelligence company, today announced the launch of the VulnCheck Known Exploited Vulnerabilities (KEV) catalog.

Key Points: 
  • Currently, VulnCheck tracks 876 more (or 81.04%) vulnerabilities exploited in the wild than CISA, and alerts customers before missing exploits are added to the CISA KEV catalog an average of 27 days earlier.
  • “This is why we decided to offer a community resource that provides broader known exploited vulnerability intelligence and reference materials, all delivered at machine speed.”
    Key features of VulnCheck’s KEV catalog include:
    Comprehensive CVE Tracking: VulnCheck provides security teams with the largest real-time collection of known exploited vulnerabilities.
  • The catalog includes supplementary external links to exploit content available in VulnCheck XDB, referencing publicly-available exploit proof of concept code where possible.