NIST Getting Outside Help for National Vulnerability Database

NIST announced on Wednesday that it will be receiving outside help to get the National Vulnerability Database back on track within the next few months.
The organization informed the cybersecurity community in February that it should expect delays in the analysis of Common Vulnerabilities and Exposures identifiers in the NVD, saying that it was working to establish a consortium to improve the program.
While looking for long-term solutions to this problem, the agency has been prioritizing the analysis of the most serious vulnerabilities.
In its latest update, shared on May 29, NIST said it has awarded a contract for additional processing support for the NVD. The name of the company that got the contract has not been disclosed.
Regarding the backlog of unprocessed CVEs, NIST noted that it's also working with the cybersecurity agency CISA to add the unprocessed vulnerabilities to the database.
The organization expects to clear the backlog by the end of the fiscal year.
The government's fiscal year ends on September 30.
SecurityWeek spoke to several experts in April about the issues surrounding the NVD and why it can no longer be considered a single central source of vulnerability truth.
An analysis conducted recently by vulnerability management firm VulnCheck showed that of the 12,720 security flaws added to the NVD since February, 11,885 have not been analyzed or enriched with critical data.
More than half of vulnerabilities known to have been exploited in attacks have yet to be analyzed.
CISA announced recently the launch of a new project named Vulnrichment, which aims to add important information to CVE records in an effort to help organizations improve their vulnerability management processes.


This Cyber News was published on www.securityweek.com. Publication date: Thu, 30 May 2024 15:43:05 +0000


Cyber News related to NIST Getting Outside Help for National Vulnerability Database

Accelerating Safe and Secure AI Adoption with ATO for AI: stackArmor Comments on OMB AI Memo - We appreciate the opportunity to comment on the proposed Memo on Agency Use of Artificial Intelligence. Ensuring agencies have access to adequate IT infrastructure,. We base our remarks on our experience helping US Federal agencies transform their ...
11 months ago Securityboulevard.com
What is the NIST Cybersecurity Framework? Definition from SearchSecurity - The NIST Cybersecurity Framework provides guidance on how to manage and reduce IT infrastructure security risk. NIST created the CSF to help private sector organizations in the United States develop a roadmap for critical infrastructure ...
10 months ago Techtarget.com
CMMC v2.0 vs NIST 800-171: Understanding the Differences - The NIST SP 800-171 lays out the requirements for any non-federal agency that handles controlled unclassified information, or other sensitive federal information. DFARS does not address the CMMC at all but a new clause is currently being drafted for ...
10 months ago Securityboulevard.com
NIST Fortifies Chatbots and Self-Driving Cars Against Digital Threats - In a landmark move, the US National Institute of Standards and Technology has taken a new step in developing strategies to fight against cyber-threats that target AI-powered chatbots and self-driving cars. The Institute released a new paper on ...
10 months ago Infosecurity-magazine.com
NIST Getting Outside Help for National Vulnerability Database - NIST announced on Wednesday that it will be receiving outside help to get the National Vulnerability Database back on track within the next few months. The organization informed the cybersecurity community in February that it should expect delays in ...
5 months ago Securityweek.com
How AI can be hacked with prompt injection: NIST report - As AI proliferates, so does the discovery and exploitation of AI cybersecurity vulnerabilities. Prompt injection is one such vulnerability that specifically attacks generative AI. In Adversarial Machine Learning: A Taxonomy and Terminology of Attacks ...
8 months ago Securityintelligence.com
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
5 months ago Cisa.gov
What is Word Unscrambler In Gaming? - Are you tired of getting stuck on those tricky word puzzles in your favourite mobile game? Have you ever wished for a tool to help unscramble those seemingly impossible words? Look no further because the word unscrambler is here to save the day! This ...
1 year ago Hackread.com
Major Database Security Threats and How to Prevent Them | Tripwire - Cybercriminals can also attempt to seize control of the organization’s data management system, altering privileges so they can gain database access at any time. Data loss prevention (DLP) solutions can do a lot to prevent occurrences like ...
1 month ago Tripwire.com
Week in review: Attackers trying to access Check Point VPNs, NIST CSF 2.0 security metrics evolution - RansomLord: Open-source anti-ransomware exploit toolRansomLord is an open-source tool that automates the creation of PE files, which are used to exploit ransomware pre-encryption. Attackers are probing Check Point Remote Access VPN devicesAttackers ...
5 months ago Helpnetsecurity.com
NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stopped - A recent rise in software vulnerability exploits has come as the US National Vulnerability Database, the world's most comprehensive vulnerability database, experiences its most significant crisis in history. After experiencing a vulnerability ...
6 months ago Infosecurity-magazine.com
8 Strategies for Defending Against Help Desk Attacks - COMMENTARY. Defensive security techniques often lag offensive attack tactics, opening companies to heightened risk from rapidly evolving threats. An alarming case in point is the help desk, one of today's most exposed organizational Achilles' heels. ...
10 months ago Darkreading.com
NIST: No Silver Bullet Against Adversarial Machine Learning Attacks - NIST has published a report on adversarial machine learning attacks and mitigations, and cautioned that there is no silver bullet for these types of threats. Adversarial machine learning, or AML, involves extracting information about the ...
10 months ago Securityweek.com
Database Security - In today's rapidly evolving digital landscape, marked by the ascendancy of Artificial Intelligence and the ubiquity of cloud computing, the importance of database security has never been more pronounced. Effective database security strategies not ...
10 months ago Feeds.dzone.com
Top 7 Database Security Best Practices - Whether you're managing sensitive customer information or intricate analytics, database security should be at the top of your priority list. This article dives deep into the top 7 database security best practices that will help you fortify your ...
5 months ago Securityboulevard.com
The US National Institute of Standards and Technology Announces the Successful Encryption Algorithm for Securing Internet of Things Data - The National Institute of Standards and Technology (NIST) recently announced that ASCON was the winning bid for its Lightweight Cryptography Program. This program was designed to find the best algorithm to protect small Internet of Things (IoT) ...
1 year ago Bleepingcomputer.com
How the New NIST 2.0 Guidelines Help Detect SaaS Threats - The SaaS ecosystem has exploded in the six years since the National Institute of Standards and Technology's cybersecurity framework 1.1 was released. Back in 2016-2017, when version 1.1 was initially drafted, SaaS held a small but significant place ...
8 months ago Bleepingcomputer.com
New NCCoE Guide Helps Major Industries Observe Incoming Data While Using Latest Internet Security Protocol - PRESS RELEASE. Companies in major industries such as finance and health care must follow best practices for monitoring incoming data for cyberattacks. The latest internet security protocol, known as TLS 1.3, provides state-of-the-art protection, but ...
9 months ago Darkreading.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 month ago Aws.amazon.com
NIST NVD Disruption Sees CVE Enrichment on Hold - Since February 12, 2024, NIST has almost completely stopped enriching software vulnerabilities listed in its National Vulnerability Database, the world's most widely used software vulnerability database. Tom Pace, CEO of firmware security provider ...
8 months ago Infosecurity-magazine.com
FAQ: What Is DFARS Compliance and How Does It Work? - Our intention is to offer a comprehensive perspective on DFARS in the context of cybersecurity, its various clauses, and the intricacies of maintaining compliance as these rules constantly shift and change over time. Size doesn't matter - big global ...
10 months ago Securityboulevard.com
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
4 months ago Helpnetsecurity.com
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
4 months ago Helpnetsecurity.com
Roundup: Federal action that shaped cybersecurity in 2023 - As 2023 draws to a close, it's time to look back on our top five federal cyber stories of the year: a compilation of pivotal moments and key developments that have significantly shaped the landscape of cybersecurity at the federal level. These ...
10 months ago Securityintelligence.com
Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days - Social engineer reveals effective tricks for real-world intrusionsIn this Help Net Security interview, Jayson E. Street, Chief Adversarial Officer at Secure Yeti, discusses intriguing aspects of social engineering and unconventional methods for ...
10 months ago Helpnetsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)