Is CVE-2024-20666 Bitlocker vulnerability mitigated by disabling Windows RE or removing the recovery partition?

Taking Microsoft’s page on CVE-2024-20666 at face value, that Bitlocker vulnerability is darn serious in an "evil maid" attack:

A successful attacker could bypass the BitLocker Device Encryption feature on the system storage dev…

Does CVSS 4.0 solve the exploitability problem?

The newest version of the vulnerability scoring system CVSS 4.0 is here! After a lengthy gap between version 3 (released in 2015), as of November 2023 version 4.0 is officially live. Building iteratively on version 3 there are a few differences that in…

The effect of omission bias on vulnerability management

Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the omission bias, which has interesting ramifications in the world of cyber security, specifically vulnera…

How to find the right CPE for your vendor and product [closed]

How do I find the right CPE for my vendor and product?
For example, I use the org.hibernate » hibernate-core » 5.3.16.Final Maven dependency. However, when searching on the NVD site (https://nvd.nist.gov/vuln/search) for hibernate-core or hibernate…

5 common data security pitfalls — and how to avoid them

Data protection has come a long way. In previous years, it was considered a “nice to have” and a line item on the budget further down the page. Today, it’s top of mind for almost every CIO or CISO across all industries. Yet many organizations are caught in the crosshairs of cybersecurity challenges, often due […]

The post 5 common data security pitfalls — and how to avoid them appeared first on Security Intelligence.

Creating a formula for effective vulnerability prioritization

In this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. Gorelik discusses challenges posed by regulatory frameworks, incomplete asset inventorie…

Kubescape open-source project adds Vulnerability Exploitability eXchange (VEX) support

With its innovative feature for generating reliable Vulnerability Exploitability eXchange (VEX) documents, Kubescape became the first open-source project to provide this functionality. This advancement offers security practitioners a powerful tool to e…