Security News

Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential...

UK veterinary services provider CVS Group has announced that it suffered a cyberattack that disrupted IT services at its practices across the country. CVS Group operates 500 veterinary practices throughout the UK, Australia, the Netherlands, and the Republic of Ireland, including nine specialist referral hospitals, 39 dedicated out-of-hours sites, three laboratories, and seven pet crematoria.

The newest version of the vulnerability scoring system CVSS 4.0 is here! After a lengthy gap between version 3, as of November 2023 version 4.0 is officially live. Version 3.0 and CVSS in general, while being quite good at measuring the "Impact" of a vulnerability, wasn't very good at scoring its "Exploitability".

The Forum of Incident Response and Security Teams (FIRST) has officially announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard, more than eight years after...

The Forum of Incident Response and Security Teams has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version.CVSS is a standardized framework for assessing software security vulnerabilities' severity used to assign numerical scores or qualitative representation based on exploitability, impact on confidentiality, integrity, availability, and required privileges, with higher scores denoting more severe vulnerabilities.

Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild....

Abstract: The Common Vulnerability Scoring System is a popular method for evaluating the severity of vulnerabilities in vulnerability management. The goal of CVSS is to provide comparable scores across different evaluators.

A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion. Relying solely on a CVSS severity score to assess the risk of individual vulnerabilities was shown to be equivalent to randomly selecting vulnerabilities for remediation.

Microsoft patches four exploited zero-days, but lags with fixes for a fifthFor July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed at defense and government entities in Europe and North America. Apple pushes out emergency fix for actively exploited zero-dayApple has patched an actively exploited zero-day vulnerability by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems.

Merry Christmas, Linux systems administrators: Here's a kernel vulnerability with a CVSS score of 10 in your SMB server for the holiday season giving an unauthenticated user remote code execution. Luckily for the sysadmins reaching for more brandy to pour in that eggnog, it doesn't appear to be that widespread. Discovered the Thalium Team vulnerability research team at French aerospace firm Thales Group in July, the vulnerability is specific to the ksmbd module that was added to the Linux kernel in version 5.15.