CVE and NVD – A Weak and Fractured Source of Vulnerability Truth

April 3, 2024 at 10:12AM The Common Vulnerabilities and Exposures (CVE) List managed by MITRE and the National Vulnerability Database (NVD) overseen by NIST are no longer considered a single reliable source of vulnerability information. Challenges include missing vulnerabilities, false positives, and resource limitations. NIST, acknowledging the backlog, is seeking a consortium to improve vulnerability …

Row breaks out over true severity of two DNSSEC flaws

March 26, 2024 at 04:29AM Two DNSSEC vulnerabilities, KeyTrap (CVE-2023-50387) and NSEC3-encloser (CVE-2023-50868), were disclosed with similar descriptions and a severity score of 7.5 out of 10. However, a study by the ATHENE team finds NSEC3-encloser is less severe than KeyTrap, contrary to MITRE’s assessment. This has led to concerns about the accuracy and quality …

NVD slowdown leaves thousands of vulnerabilities without analysis data

March 22, 2024 at 09:53AM NIST has drastically reduced the analysis of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database, posing challenges for IT security professionals. The organization’s budget cuts and workload are suspected reasons. The cybersecurity community is concerned about the impact, although alternative sources like Open Source Vulnerabilities are available. …

NIST Launches Cybersecurity Framework (CSF) 2.0

March 20, 2024 at 01:47AM NIST released Cybersecurity Framework (CSF) 2.0 on Feb 26, 2024. It provides guidelines to reduce cyber risk and enhance security posture, consisting of functions and categories. The update introduces Governance as a separate pillar, emphasizing its importance in cybersecurity risk management strategy. The impact will lead to changes in tracking …

How the New NIST 2.0 Guidelines Help Detect SaaS Threats

March 18, 2024 at 09:54AM The SaaS ecosystem has rapidly expanded since NIST’s Cybersecurity Framework 1.1, and SaaS is now the main way businesses use software. The just-released NIST Cybersecurity Framework (CSF) 2.0 seems to prioritize SaaS security needs. Recent breaches highlight the importance of adhering to NIST standards. Applying NIST 2.0 guidelines through SSPM …

Webinar Tomorrow: OT Cybersecurity Risk Mitigation Strategies

March 4, 2024 at 08:48AM Increased digital technologies and connectivity in industrial operations raise cybersecurity risks for Operational Technology (OT). Compliance with NIST, NIS2, ISA, and IEC standards is crucial for mitigating OT cybersecurity threats. Join SecurityWeek and Honeywell for a live webinar on March 5th at 11AM ET to gain insights from industry experts …

NIST Cybersecurity Framework 2.0: 4 Steps To Get Started

March 1, 2024 at 02:33PM The latest draft of the NIST Cybersecurity Framework introduces significant changes, including a new “Govern” function and expanded best practices. Organizations must assess the impact on their cybersecurity programs and consider factors such as supply chain security. Utilizing NIST resources, discussing the “Govern” function with leadership, and re-evaluating vendor support …

NIST updates Cybersecurity Framework after a decade of lessons

February 27, 2024 at 01:50PM NIST has released version 2.0 of its Cybersecurity Framework (CSF), expanding its scope to offer security tips for all organizations. Newly introduced resources include quick-start guides, implementation examples, and a new core risk management function called “govern.” NIST plans to continue enhancing the framework and encourages users to share feedback …

NIST Cybersecurity Framework 2.0 Officially Released

February 27, 2024 at 06:45AM NIST released Cybersecurity Framework (CSF) 2.0, now applicable to all organizations regardless of size or sector. The update introduces the govern function to enhance risk management. CSF 2.0 provides resources, implementation examples, and a reference catalog. It supports the National Cybersecurity Strategy and emphasizes ICS/OT cybersecurity. The suite of customizable resources …

SaaS Compliance through the NIST Cybersecurity Framework

February 20, 2024 at 06:27AM The NIST Cybersecurity Framework is crucial for securing SaaS applications. Challenges arise due to varied settings in each application. Universal configurations, RBAC, limited redundancy, elimination of external admins, admin MFA, and preventing data leaks are important. Strengthen passwords, prevent password spray attacks, and ensure proper configurations to align SaaS security …