Kubescape open-source project adds Vulnerability Exploitability eXchange support

With its innovative feature for generating reliable Vulnerability Exploitability eXchange documents, Kubescape became the first open-source project to provide this functionality.
This advancement offers security practitioners a powerful tool to effectively prioritize and address software vulnerabilities.
Vulnerability Exploitability eXchange is a standard that facilitates the sharing and analyzing of information about vulnerabilities and their potential for exploitation.
VEX documents have emerged as a critical component in complementing Software Bill of Materials by informing users about the applicability of vulnerability findings.
Sourcing reliable and accurate VEX documents has been a significant challenge in the industry.
Software vendors with the most in-depth understanding of their products are ideally positioned to evaluate exploitable vulnerabilities.
The continuous effort required to maintain up-to-date VEX documents has hindered widespread adoption.
Open-source projects face a greater challenge due to limited resources and reliance on community contributions.
Consistently producing detailed VEX documents as part of these projects is a challenge.
As a result, the practical implementation of VEX documents across diverse software ecosystems has remained limited.
Kubescape is leveraging its eBPF-based Kubernetes runtime reachability capability to generate VEX documents automatically that provide clear and actionable signaling for vulnerability prioritization and management.
Using eBPF technology to detect loaded software packages during runtime, Kubescape distinguishes between less significant vulnerabilities and those that pose an actual risk in container environments.
Starting from version 1.16.2, the Kubescape Operator produces VEX documents and stores them as Kubernetes API objects.
This distinction enables security practitioners to focus on vulnerabilities that pose a genuine risk, significantly improving the signal-to-noise ratio of vulnerability scan results.
Integrating Kubescape-generated VEX documents with open-source vulnerability scanners like Grype and Trivy enhances vulnerability management capabilities.
By providing more precise results, Kubescape empowers users to prioritize and address vulnerabilities potentially harming their systems.
Kubescape is available as a free download on GitHub.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Mon, 11 Dec 2023 08:13:05 +0000


Cyber News related to Kubescape open-source project adds Vulnerability Exploitability eXchange support

Kubescape open-source project adds Vulnerability Exploitability eXchange support - With its innovative feature for generating reliable Vulnerability Exploitability eXchange documents, Kubescape became the first open-source project to provide this functionality. This advancement offers security practitioners a powerful tool to ...
1 year ago Helpnetsecurity.com
Microsoft: Exchange 2016 and 2019 reach end of support in six months - This week's warning comes after Microsoft reminded IT admins in January that Exchange Server 2016 and Exchange Server 2019 will no longer receive technical support starting in October. The Exchange Server Engineering Team also shared guidance for ...
1 month ago Bleepingcomputer.com
The ticking time bomb of Microsoft Exchange Server 2013 - This is, of course, a common issue since 2021 or so, due to Exchange Server security woes- however there has been an abnormally high increase in the past few months, making me think there was some kind of Exchange Server zero day perhaps. In my own ...
1 year ago Doublepulsar.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
7 months ago Aws.amazon.com
Open Source Password Managers: Overview, Pros & Cons - There are many proprietary password managers on the market for those who want an out-of-the box solution, and then there are open source password managers for those wanting a more customizable option. In this article, we explain how open source ...
1 year ago Techrepublic.com
Are the Fears about the EU Cyber Resilience Act Justified? - "The draft cyber resilience act approved by the Industry, Research and Energy Committee aims to ensure that products with digital features, e.g. phones or toys, are secure to use, resilient against cyber threats and provide enough information about ...
1 year ago Securityboulevard.com
Are the Fears About the EU Cyber Resilience Act Justified? - On Wednesday, July 19, the European Parliament voted in favor of a major new legal framework regarding cybersecurity: the Cyber Resilience Act. The act enters murky waters when it comes to open-source software. It typically accounts for 70% to 90% of ...
1 year ago Feeds.dzone.com
CVE-2007-2850 - The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a ...
7 years ago
Microsoft Exchange 2019 has reached end of mainstream support - Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023. Starting today, the company says it will no longer accept requests for bug fixes and Design Change Requests, but it ...
1 year ago Bleepingcomputer.com
Launching Your First Open Source Project - I've been deeply immersed in the world of developer products for the past decade, and let me tell you, I've been quite an open-source enthusiast. Over the years, I've had the pleasure of shepherding open-source projects of all shapes and sizes. ...
1 year ago Feeds.dzone.com Cactus
ARMO Launches First Cloud App Detection and Response to Unify Code to Cloud Runtime Security - ARMO CADR provides a full explainable and traceable runtime security story spanning the entire cloud stack and responds to threats without flooding teams with alerts. ARMO is a Cloud Runtime Security company providing the first open source ...
2 months ago Cybersecuritynews.com
Wazuh: Building robust cybersecurity architecture with open source tools - Building a cybersecurity architecture requires organizations to leverage several security tools to provide multi-layer security in an ever-changing threat landscape. Leveraging open source tools and solutions to build a cybersecurity architecture ...
1 year ago Bleepingcomputer.com
Wazuh: Building robust cybersecurity architecture with open source tools - Building a cybersecurity architecture requires organizations to leverage several security tools to provide multi-layer security in an ever-changing threat landscape. Leveraging open source tools and solutions to build a cybersecurity architecture ...
1 year ago Bleepingcomputer.com
Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug - Microsoft has identified one of the critical vulnerabilities in Exchange Server that the company disclosed in February's Patch Tuesday update as actually being a zero-day threat that attackers are already actively exploiting. CVE-2024-21410 is an ...
1 year ago Darkreading.com CVE-2024-21410 CVE-2024-2140 CVE-2024-21412 CVE-2024-21351 Fancy Bear
ARMO Combines ChatGPT to Protect Kubernetes - ARMO has recently integrated ChatGPT AI into their open-source Kubernetes security platform Kubescape. This integration allows users to quickly create custom controls based on Open Policy Agent (OPA) to meet their unique security needs. OPA is a ...
2 years ago Hackread.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov
How Servicenow Detects Open Source Security Vulnerabilities - Servicenow, a digital workflow company, recently announced their integration with Synk, an open source security platform, to detect security vulnerabilities in open source software. This integration will enable Servicenow customers to detect and ...
2 years ago Csoonline.com
Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks - Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws. The mail systems run a software version that is currently unsupported and no longer ...
1 year ago Bleepingcomputer.com CVE-2021-26855 CVE-2021-27065
Dotnet Source Generators in 2024 Part 1: Getting Started - Security Boulevard - While nice, this incurs an execution of any classes marked as a source generator every time something changes in the project (i.e., delete a line of code, add a line of code, make a new file, etc.). As you can imagine, having something running every ...
7 months ago Securityboulevard.com
CVE Prioritizer: Open-source tool to prioritize vulnerability patching - CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA's KEV catalog to offer insights into the probability of exploitation and the potential effects of ...
1 year ago Helpnetsecurity.com
SiCat: Open-source exploit finder - SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases. Its primary aim is to assist in cybersecurity, enabling users to search the internet for potential ...
1 year ago Helpnetsecurity.com
Internationalizing Efforts to Counter Tech Support Scams - The Central Bureau of Investigation, India's federal enforcement agency, recently conducted a series of criminal raids against illegal call centers across the country in an attempt to clamp down on tech support fraud. These raids were the result of a ...
1 year ago Darkreading.com
Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
1 year ago Cisa.gov CVE-2023-48842 CVE-2023-43089 CVE-2023-39226 CVE-2023-46690 CVE-2023-47207 CVE-2023-46886 CVE-2023-48882 CVE-2023-49656 CVE-2023-28896 CVE-2023-48016 CVE-2023-49092 CVE-2023-2266 CVE-2023-2267 CVE-2023-31177 CVE-2023-34388 CVE-2023-34389 CVE-2023-48848 CVE-2023-4398
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
1 year ago Cisa.gov