Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

On this April 2024 Patch Tuesday, Microsoft fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro… Continue reading Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

Ivanti vows to transform its security operating model, reveals new vulnerabilities

Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also lead to execution of arbitrary code or information disclosure. Also, three mont… Continue reading Ivanti vows to transform its security operating model, reveals new vulnerabilities

NIST’s NVD has encountered a problem

Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and it’s affecting vulnerability management efforts. What happened? Anyone who reg… Continue reading NIST’s NVD has encountered a problem

How new and old security threats keep persisting

Security leaders recognize that the pattern of buying new tech and the frantic state of find-fix vulnerability management is not working, according to Cymulate. Security leaders take proactive approach to cybersecurity Rather than waiting for the next … Continue reading How new and old security threats keep persisting

Preparing for the NIS2 Directive

The EU’s NIS Directive (Directive on security of network and information systems) was established to create a higher level of cybersecurity and resilience within organizations across the member states. It was updated in January 2023 to bring more… Continue reading Preparing for the NIS2 Directive

CVE count set to rise by 25% in 2024

The report from Coalition indicates an anticipated 25% rise in the total count of published common vulnerabilities and exposures (CVEs) for 2024, reaching 34,888 vulnerabilities, equivalent to approximately 2,900 per month. Sharp CVE increase heightens… Continue reading CVE count set to rise by 25% in 2024

Is CVE-2024-20666 Bitlocker vulnerability mitigated by disabling Windows RE or removing the recovery partition?

Taking Microsoft’s page on CVE-2024-20666 at face value, that Bitlocker vulnerability is darn serious in an "evil maid" attack:

A successful attacker could bypass the BitLocker Device Encryption feature on the system storage dev… Continue reading Is CVE-2024-20666 Bitlocker vulnerability mitigated by disabling Windows RE or removing the recovery partition?

Does CVSS 4.0 solve the exploitability problem?

The newest version of the vulnerability scoring system, CVSS 4.0, is here! After a lengthy gap since version 3 (released in 2015), version 4.0 went officially live in November 2023. Building iteratively on version 3, there are a few differences that in… Continue reading Does CVSS 4.0 solve the exploitability problem?