Security News

EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?
2024-09-26 11:00

Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential...

Does CVSS 4.0 solve the exploitability problem?
2024-01-31 06:00

The newest version of the vulnerability scoring system CVSS 4.0 is here! After a lengthy gap between version 3, as of November 2023 version 4.0 is officially live. Version 3.0 and CVSS in general, while being quite good at measuring the "Impact" of a vulnerability, wasn't very good at scoring its "Exploitability".

FIRST Announces CVSS 4.0 - New Vulnerability Scoring System
2023-11-02 05:19

The Forum of Incident Response and Security Teams (FIRST) has officially announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard, more than eight years after...

New CVSS 4.0 vulnerability severity rating standard released
2023-11-01 19:28

The Forum of Incident Response and Security Teams has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version.CVSS is a standardized framework for assessing software security vulnerabilities' severity used to assign numerical scores or qualitative representation based on exploitability, impact on confidentiality, integrity, availability, and required privileges, with higher scores denoting more severe vulnerabilities.

Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score
2023-09-27 05:23

Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild....

Inconsistencies in the Common Vulnerability Scoring System (CVSS)
2023-09-05 11:03

Abstract: The Common Vulnerability Scoring System is a popular method for evaluating the severity of vulnerabilities in vulnerability management. The goal of CVSS is to provide comparable scores across different evaluators.

Relying on CVSS alone is risky for vulnerability management
2023-07-31 04:00

A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion. Relying solely on a CVSS severity score to assess the risk of individual vulnerabilities was shown to be equivalent to randomly selecting vulnerabilities for remediation.

Week in review: Malware delivery via Microsoft Teams, law firms under cyberattack, CVSS 4.0 is out
2023-07-16 08:30

Microsoft patches four exploited zero-days, but lags with fixes for a fifthFor July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed at defense and government entities in Europe and North America. Apple pushes out emergency fix for actively exploited zero-dayApple has patched an actively exploited zero-day vulnerability by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems.

CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities
2023-07-13 11:19

The numerical score can be represented as a qualitative severity rating to help organizations properly assess and prioritize their vulnerability management processes and prepare defences against cyber-attacks.CVSS version 1 was released in February 2005, developed then by a small group of pioneers with the aim of industry-wide adoption, with FIRST appointed that April to drive the future development of what would become a critical tool in the sector's arsenal.