CyberSecurityBoard
Sponsor Register Login

CISA starts CVE "vulnrichment" program

This database is used by many vulnerability assessment and managament tools to automate the discovery and handling of security vulnerabilities affecting organizations' systems.
It has to be noted that most tools don't rely solely on the NVD to supply this data.
The fact that NIST's analysts have managed to analyze just 4523 of the 14280 CVEs they received since the start of the year is increasingly a problem.
Though NVD analysts are prioritizing the analysis of the most significant vulnerabilities, the backlog is growing.
The agency is encouraging the IT cybersecurity professional community to provide feedback on their effort, and expects the project to evolve quickly.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Thu, 09 May 2024 14:43:06 +0000


Cyber News related to CISA starts CVE "vulnrichment" program

CISA Announces CVE Enrichment Project 'Vulnrichment' - The US cybersecurity agency CISA on Wednesday announced a new project that aims to add important information to CVE records in an effort to help organizations improve their vulnerability management processes. The project is named Vulnrichment and its ...
1 year ago Securityweek.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
1 year ago Therecord.media
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
2 years ago Cisa.gov
20 Best Inventory Management Tools in 2025 - inFlow Inventory is a comprehensive inventory management tool designed for small to medium-sized businesses, offering features like real-time stock tracking, order management, and barcode scanning to streamline operations. The tool provides advanced ...
6 months ago Cybersecuritynews.com
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
1 year ago Cisa.gov
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
1 year ago Securityweek.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
2 years ago Cisa.gov
CISA Confirms Continued Support for CVE Program, No Funding Issues - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reaffirmed its strong commitment to the Common Vulnerabilities and Exposures (CVE) Program, following recent public reports that inaccurately suggested the program was in jeopardy ...
9 months ago Cybersecuritynews.com
CISA to Congress: US Under Threat of Chemical Attacks - CISA warned this week that facilities maintaining dangerous chemicals across the US are no longer receiving adequate security support. Compared with such industries as energy, water, and telecoms, cybersecurity professionals tend to be less au ...
2 years ago Darkreading.com
CISA Hosts Second Cyber Resilient 911 Symposium - CISA's Emergency Communications Division led the Cyber Resilient 911 Program's second regional symposium in the Southeast, which included CISA regions 4 and 6 as well as Delaware, Puerto Rico, West Virginia, and the U.S. Virgin Islands. Attendees ...
2 years ago Cisa.gov
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887
EuroTel ETL3100 Radio Transmitter - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full access to the system, disclose sensitive information, or access hidden resources. EuroTel ETL3100 versions v01c01 and v01x37 does ...
2 years ago Cisa.gov CVE-2023-6928 CVE-2023-6929 CVE-2023-6930
CISA reveals how fed agency succumbed to ColdFusion attacks The Register - CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability. The vulnerability, tracked as CVE-2023-26360, was disclosed in March ...
2 years ago Go.theregister.com CVE-2023-26360
Optigo Networks ONS-S8 Spectra Aggregation Switch | CISA - CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial ...
1 year ago Cisa.gov CVE-2024-41925 CVE-2024-45367
Yokogawa STARDOM - RISK EVALUATION. Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a specially crafted packet. This vulnerability may allow to a remote attacker to ...
2 years ago Cisa.gov CVE-2023-5915
CISA Provides Last-Minute Support to Keep CVE Program Running - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has extended its contract with MITRE Corporation, ensuring the uninterrupted operation of the Common Vulnerabilities and Exposures (CVE) program, a cornerstone of global cybersecurity ...
9 months ago Cybersecuritynews.com
Mitsubishi Electric Electrical Discharge Machines - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to disclose, tamper with, destroy or delete information in the products, or cause a denial-of-service condition on the products. Remote code execution ...
1 year ago Cisa.gov CVE-2023-21554
Delta Electronics InfraSuite Device Master - RISK EVALUATION. Successful exploitation of this vulnerability could allow remote code execution. Delta Electronics InfraSuite Device Master contains a deserialization of untrusted data vulnerability because it runs a version of Apache ActiveMQ which ...
1 year ago Cisa.gov CVE-2023-46604
Siemens SCALANCE and RUGGEDCOM M-800/S615 Family - As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT ...
2 years ago Cisa.gov CVE-2023-44317 CVE-2023-49692
Rockwell Automation FactoryTalk Activation - RISK EVALUATION. Successful exploitation of these vulnerabilities could result in a buffer overflow and allow the attacker to gain full access to the system. Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the ...
2 years ago Cisa.gov CVE-2023-38545 CVE-2023-3935
Delta Electronics DOPSoft - RISK EVALUATION. Successful exploitation of this vulnerability could lead to remote code execution. The affected product is vulnerable to a stack-based buffer overflow, which may allow for arbitrary code execution if an attacker can lead a legitimate ...
2 years ago Cisa.gov CVE-2023-5944
Mitsubishi Electric FA Engineering Software Products - RISK EVALUATION. Successful exploitation of this vulnerability could allow a malicious attacker to execute malicious code by tricking legitimate users to open a specially crafted project file, which could result in information disclosure, tampering ...
2 years ago Cisa.gov CVE-2023-5247
WAGO PFC200 Series - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker with administrative privileges to access sensitive files in an unintended, undocumented way. Compact Controller CC100: Versions later than FW19, up to and ...
2 years ago Cisa.gov CVE-2023-4089
CISA Seeks Public Comment on Newly Developed Secure Configuration Baselines for Google Workspace - As federal civilian agencies continue to modernize IT enterprises, increased reliance on cloud services, platform services, and external providers has introduced new types of risks. Recent threat activity from groups such as Storm-0558 have ...
2 years ago Cisa.gov Cuba

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)