7 Sessions Not to Miss at Black Hat USA 2024

July 29, 2024 at 10:06AM. Black Hat USA 2024 offers valuable insights for cybersecurity professionals. Despite the AI trend, vulnerability remediation remains a key focus. Sessions cover Amazon Web Services vulnerabilities, Microsoft’s use of large language models, CI/CD runner security risks, Google Cloud Platform vulnerabilities, and more. The article emphasizes the need for a proactive security culture and …

The truth about KEV: CISA’s vuln deadlines good influence on private-sector patching

May 7, 2024 at 07:34AM. CISA’s Known Exploited Vulnerabilities (KEV) catalog, aimed at federal agencies, is also positively impacting private organizations, reducing average remediation time to under 175 days, compared to 621 for unlisted vulnerabilities. While both sectors often miss CISA deadlines, private organizations face longer patch times, with technology firms the fastest at 93 …

Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included

April 10, 2024 at 01:21AM. In April 2024, Microsoft released security updates addressing 149 flaws, including two actively exploited vulnerabilities. The flaws range in severity, with three critical, 142 important, three moderate, and one low. The two actively exploited flaws allow attackers to bypass security features. Additionally, other security updates were released by different vendors during …

Survey: AppSec Maturity Hindered by Staffing, Budgets, Vulnerabilities

October 31, 2023 at 01:01PM. A recent report from the Purple Book Community highlights the challenges faced by companies in achieving application security (AppSec) maturity. These challenges include a shortage of AppSec engineers, slow vulnerability remediation, and the increasing reliance on cloud infrastructure. Insufficient funding is also identified as a major obstacle. The report emphasizes …

Why Do CVE Scores Need Real-World Context to Prioritize?

October 25, 2023 at 03:11PM. The CVSS severity rating lacks real-world context, making it difficult for companies to prioritize fixes. Many vulnerabilities are harder to exploit than indicated by their CVSS scores. Factors such as exploitability in default configurations and specific attack conditions should be considered. The upcoming CVSS 4.0 update does not fully address …