Security News

EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?
2024-09-26 11:00

Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential...

Cyberattack on UK’s CVS Group disrupts veterinary operations
2024-04-08 14:45

UK veterinary services provider CVS Group has announced that it suffered a cyberattack that disrupted IT services at its practices across the country. CVS Group operates 500 veterinary practices throughout the UK, Australia, the Netherlands, and the Republic of Ireland, including nine specialist referral hospitals, 39 dedicated out-of-hours sites, three laboratories, and seven pet crematoria.

Does CVSS 4.0 solve the exploitability problem?
2024-01-31 06:00

The newest version of the vulnerability scoring system CVSS 4.0 is here! After a lengthy gap between version 3, as of November 2023 version 4.0 is officially live. Version 3.0 and CVSS in general, while being quite good at measuring the "Impact" of a vulnerability, wasn't very good at scoring its "Exploitability".

FIRST Announces CVSS 4.0 - New Vulnerability Scoring System
2023-11-02 05:19

The Forum of Incident Response and Security Teams (FIRST) has officially announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard, more than eight years after...

New CVSS 4.0 vulnerability severity rating standard released
2023-11-01 19:28

The Forum of Incident Response and Security Teams has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version.CVSS is a standardized framework for assessing software security vulnerabilities' severity used to assign numerical scores or qualitative representation based on exploitability, impact on confidentiality, integrity, availability, and required privileges, with higher scores denoting more severe vulnerabilities.

Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score
2023-09-27 05:23

Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild....

Inconsistencies in the Common Vulnerability Scoring System (CVSS)
2023-09-05 11:03

Abstract: The Common Vulnerability Scoring System is a popular method for evaluating the severity of vulnerabilities in vulnerability management. The goal of CVSS is to provide comparable scores across different evaluators.

Relying on CVSS alone is risky for vulnerability management
2023-07-31 04:00

A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion. Relying solely on a CVSS severity score to assess the risk of individual vulnerabilities was shown to be equivalent to randomly selecting vulnerabilities for remediation.

Week in review: Malware delivery via Microsoft Teams, law firms under cyberattack, CVSS 4.0 is out
2023-07-16 08:30

Microsoft patches four exploited zero-days, but lags with fixes for a fifthFor July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed at defense and government entities in Europe and North America. Apple pushes out emergency fix for actively exploited zero-dayApple has patched an actively exploited zero-day vulnerability by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems.

Back to work, Linux admins: You may have a CVSS 10 kernel bug to address
2022-12-24 10:00

Merry Christmas, Linux systems administrators: Here's a kernel vulnerability with a CVSS score of 10 in your SMB server for the holiday season giving an unauthenticated user remote code execution. Luckily for the sysadmins reaching for more brandy to pour in that eggnog, it doesn't appear to be that widespread. Discovered the Thalium Team vulnerability research team at French aerospace firm Thales Group in July, the vulnerability is specific to the ksmbd module that was added to the Linux kernel in version 5.15.