Security News

Cybersecurity breach experience strengthens CVs
2019-09-26 05:00

It is in businesses’ best interest to hire cybersecurity leaders who have suffered an avoidable breach, because of the way it changes how security professionals think, feel and behave, according...

Stop Using CVSS to Score Risk
2019-09-10 13:07

The mechanics of prioritizing one vulnerability’s business risk over another has always been fraught with concern. What began as securing business applications and infrastructure from...

CVSS 3.1: Refined and updated for easier adoption by the security community
2019-07-15 04:45

The Forum of Incident Response and Security Teams (FIRST) has published an update of its internationally recognized Common Vulnerability Scoring System (CVSS). CVSS is a common scoring system...

FIRST Announces CVSS Version 3.1
2019-07-12 13:39

The Forum of Incident Response and Security Teams (FIRST) on Friday announced version 3.1 of the Common Vulnerability Scoring System (CVSS). CVSS is a widely adopted standard for rating the...

CVSS Scores Often Misleading for ICS Vulnerabilities: Experts
2018-11-16 05:59

While the Common Vulnerability Scoring System (CVSS) can be useful for rating vulnerabilities, the scores assigned to flaws affecting industrial control systems (ICS) may be misleading, which can...

Vulnerabilities’ CVSS scores soon to be assigned by AI
2018-11-05 11:57

The National Institute of Standards and Technology (NIST) is planning to use IBM’s Watson to evaluate how critical publicly reported computer vulnerabilities are and assign an appropriate severity...

Alleged HIV Breach Leads to Suit Against CVS, Mailing Vendor
2018-03-23 20:17

Complaint Also Alleges CVS Failed to Notify HHS of the Mailing IncidentA class action lawsuit is seeking millions of dollars in damages for plaintiffs after yet another mailing-related health data...

Highly Critical Flaw (CVSS Score 10) Lets Hackers Hijack Oracle Identity Manager
2017-10-31 01:01

A highly critical vulnerability has been discovered in Oracle's enterprise identity management system that can be easily exploited by remote, unauthenticated attackers to take full control over...