Betanews: Why vulnerability management needs a refresh [Q&A] https://betanews.com/2023/09/06/why-vulnerability-management-needs-a-refresh-qa/ #Vulnerabilitymanagement #threatdetection #cybersecurity #Article #QA
A question about a Firefox CVE from 2004 applying to versions less than 1.0 came up at work today. "How do you fix it?" the person asked. "Upgrade Firefox," I said. "The current version is about 116, so I'm a little surprised to see this one coming up." #VulnerabilityManagement
Finally Mastodon is mainstream enough to get fUnNy names for security vulnerabilities too 🥰
#TootRoot #VulnerabilityManagement #ThankYourAdmins #CVE202336460
Hi! We have another Community Video :) In this one Joseph Lee from the Greenbone Community demonstrates how to do a quick first scan using the scan wizard to scan a local network IP and go over basic scan report formatting and other features.
#greenbone #openvas #vulnerabilitymanagement
Free #Atlassian #Jira #cloud #DevSecOps tab offers a glimpse into possibilities for future expansion in #softwaresecurity for the vendor. Katie Norton of IDC weighs in on key areas of opportunity.
#softwaredevelopment #vulnerabilitymanagement #devopssecurity #cybersecurity
Yesterday 🗓️ I made a prototype ⚙️ to improve #GitHub :github: #Dependabot when using #GoLang.
👉 If you’d like to try it out, and promise 🙏 to give feedback 🗣️, I can give a few people access to a private 🔒 repo before I open source 🤗something - just drop me your GitHub handle please.
Read on 👀 for how it works 👇
#SCA #AppSec #SupplyChainSecurity #DependencySubmission #AST #AbstractSyntaxTree #GitHubAdvisoryDatabase #VulnerabilityManagement
This post on Dark Reading discusses the 10 types of AI attacks that CISOs should track. The attacks include adversarial machine learning, deepfakes, and AI-powered spear-phishing. The post also talks about insider threats and vulnerability management in the context of AI attacks. https://www.darkreading.com/threat-intelligence/10-types-of-ai-attacks-cisos-should-track #AIAttacks #VulnerabilityManagement #InsiderThreats #softcorpremium
There is a new episode of Release.Patch.Repeat! 👉🏼 https://release-patch-repeat.letscast.fm/episode/drpr00009-geschwaetzige-saas-plattformen-schon-wieder-esxi
The not entirely voluntary contributors to this edition are talkative SaaS platforms, Cisco, Zyxel, ESXi yet again, various bandwagon riders such as Microsoft PaperCut Server or Veeam Backup Software, and a gene sequencer.
#schwachstellen #vulnerabilities #ransomware #trojans #vulnerabilitymanagement #patchmanagement #cyberhygiene #cyberdefense #itsicherheit #itsecurity
Our first Community Video is done! 🎉 It's a tutorial and walkthrough on how to install the Greenbone Community Edition using Docker containers.
https://community.greenbone.net/blog/installing-community-edition-using-docker-containers/
If you’d like to follow along with the instructions, head on over to the original documentation by @bjoernricks at https://greenbone.github.io/docs/latest/22.4/container/index.html
Let us know what you think! Did you find it helpful? And what would you like to see in upcoming videos?
#greenbone #openvas #vulnerabilitymanagement #Docker
After the Easter break, there is once again a new episode of Release.Patch.Repeat as of today. The protagonists of this episode are our favorite problem child OT, Veritas, Microsoft, and USB charging ports at the airport. There are also interesting reports again, including from Malwarebytes and Armorblox, as well as new findings on IPFS phishing campaigns from Kaspersky.
https://release-patch-repeat.letscast.fm/episode/drpr00008-ot-microsoft-und-usb-ladebuchsen
#phishing #vulnerabilities #vulnerabilitymanagement #patching #patchmanagement #itsecurity #cyberhygiene #resilienz
Hidden Vulnerability Of US Atlantic Coast To Sea-Level Rise Due To Vertical Land Motion
--
https://doi.org/10.1038/s41467-023-37853-7 <-- shared paper
--
#GIS #spatial #mapping #climatechange #sealevelrise #SLR #data #AtlanticCoast #risk #hazard #elevation #subsidence #rates #land #remotesensing #geodesy #geodetic #satellite #coast #coastal #landcover #vulnerability #marshes #coastalmarshes #wetlands #environmental #risk #hazard #vulnerability #vulnerabilitymanagement #mitigation #spatialanalysis #spatiotemporal #model #modeling #vertical #land #motion
This just arrived in the mail and I am very excited to dive in! Unlike previous books on the topic, this digs into the real meat of building a contextual score using a risk based approach and leveraging vulnerability and exploit data sets.
I am looking forward to further exploring the topic and using everything I can to improve my own working models and approach to this ever growing topic.
#vulnerabilitymanagement #riskmodeling #datalake
⚖️ Features vs. #Vulnerability #patching: who wins in your organization?
With product teams always wanting to release new features for their customers, security teams are worried about patching vulnerabilities on time.
As growth is a priority for any business, patching vulnerabilities often takes a back seat, and it's always a trade-off to the features.
And it's the hackers who benefit from this - they get around 200+ days to target a vulnerability. 🐱💻
The solution?
Patch your vulnerabilities and release new features both at the same time!
We tell you how to patch your vulnerabilities within 24 hours in our upcoming free webinar - 16th March, 2:30 PM to 3:15 PM (IST)
This is your last chance to register for the webinar: bit.ly/3kww6GT
#virtualpatching #zerodayvulnerability #vulnerabilityassessment #pentesting #hacking #zerodayexploits #securitywebinar #zeroday #vulnerabilitymanagement #vulnerabilities #webinar #thoughtleadership #apptrana #indusface
Did you know that we have preconfigured containers for the Greenbone Community Edition? Here's insight into the why and how with @bjoernricks and @FeilnerIT over on our community blog at https://community.greenbone.net/blog/docker-container-for-greenbone-community-edition/
#VulnerabilityManagement #Greenbone #OpenVAS #Docker #containers
There is a new episode of Release.Patch.Repeat. The not entirely voluntary contributors to this edition are Fortinet, IBM, Netgear, Veeam, HashiCorp and a fax. Kerstin also briefly covers threat intelligence and how it helps in making well-founded decisions in IT security. There is more on this in a new article on data-disrupted.de. You will find links in the show notes.
#vulnerabilitymanagement #vulnerabilities #itsecurity #itsicherheit
The Germany-based #VulnerabilityManagement company "Greenbone" changed its legal status from a German "GmbH" (like a Limited) to an "AG" (which means a joint-stock company). The "networks" is dropped from the name. Important aspects stay the same: Still privately held and offering first-class vulnerability management based on #FreeSoftware.
@greenbone (Disclosure: my company is a shareholder).
👉 With the agile development process, tens of vulnerabilities get introduced into code in every sprint.
The average time vulnerabilities remain open is 180+ days from the time they are discovered.
When it comes to business growth vs. security, business always wins, which means vulnerabilities are not patched on time allowing hackers to exploit them.
However, most of these can be patched using Virtual patching—in 24 hours and with ZERO impact on business continuity.
In the upcoming webinar, join Vivekanand Gopalan, VP of Product Management at Indusface, as he discusses:
- Vulnerability assessments and penetration testing best practices
- Fundamentals of virtual patching
- An example of a zero-day vulnerability that has been virtually patched
This is your last chance to book your seat. Register now! bit.ly/3kww6GT
#virtualpatching #zerodayvulnerability #vulnerabilityassessment #pentesting #hacking #zerodayexploits #securitywebinar #zeroday #vulnerabilitymanagement #vulnerabilities #webinar #thoughtleadership #apptrana #indusface
800 Million attacks were blocked despite having thousands of vulnerabilities open for >180 days!!
The secret?
All these applications leverage “virtual patching” to block complex attacks right at the WAF.
Understand more about what Virtual Patching is in our recent upcoming Webinar on 16th March - 2:30 PM to 3:15 PM (IST)
Book your seat now! bit.ly/3kww6GT
#virtualpatching #zerodayvulnerability #vulnerabilityassessment #pentesting #hacking #zerodayexploits #securitywebinar #zeroday #vulnerabilitymanagement #vulnerabilities #itwebinar #apptrana #indusface
Another unambiguous write-up by Daniel Stenberg and very nice to learn some more about the subjective nature of the CVSS scores and how it all fits together.
How do we get the NVD to stop the insanity?
[...] In the curl project we decided to abandon CVSS years ago because of its inherent problems. Instead we use only the four severity names: Low, Medium, High, and Critical [...] I have talked to humans on the GitHub database team and I push for them to ignore or filter out the severity levels as set by NVD, if possible. But me being just a single complaining maintainer I do not expect this to have much of an effect. I would urge NVD to stop this insanity if I had any way to. [...]
https://daniel.haxx.se/blog/2023/03/06/nvd-makes-up-vulnerability-severity-levels/
#cvss #nvd #cve #mitre #vulnerabilitymanagement
A new episode of Release.Patch.Repeat. is online: The not entirely voluntary contributors to this edition are Microsoft, the Trusted Computing Group, Terraform, Redis and Cisco. Kerstin also addresses a very special vulnerability: IT budgets.
As always, the links to more detailed information, patches, blog posts, reports and articles are in the show notes.
#itsecurity #cybersecurity #vulnerabilities #vulnerabilitymanagement #DRPR #podcast