Update delays to NIST vulnerability database alarms researchers

Vital data used to protect against cyberattacks is missing from more than 2,000 of the latest entries in the world's most widely used vulnerability database.
A significant number of new CVEs added to the National Vulnerability Database in recent weeks have lacked enrichment data - details necessary for researchers and security teams to understand the bugs.
The NVD was established in 2005 by the U.S. National Institute of Standards and Technology and last year alone, information on more than 29,000 discovered flaws was added to the database.
A notice added to the NVD homepage on Feb. 15 said users could expect temporary delays in the posting of CVE analysis.
According to NetRise, only about 8% of the CVE entries added to the database since Feb. 12 have a CPE associated with them.
Enrichment was lacking from well over 2,000 entries according to separate analysis carried out by Anchore and Jerry Gamblin of Cisco Threat Detection & Response.
NIST has not provided any public explanation for the situation beyond its website notice.
VulnCheck security researcher Patrick Garrity noted on LinkedIn that the institute recently experienced its first budget cut in over a decade.
The volume of CVEs published each year has almost doubled from under 15,000 in 2017 to over 29,000 in 2023.
Vulnerability management tools depend on NVD. Chainguard CEO Dan Lorenc highlighted the lack of CPE matching to new vulnerabilities as being particularly problematic for organizations dependent on NVD data as part of their security efforts.
John Pescatore, SANS Technology Institute director of emerging security trends, drew a comparison between cybersecurity and road safety.


This Cyber News was published on packetstormsecurity.com. Publication date: Tue, 19 Mar 2024 15:13:06 +0000


Cyber News related to Update delays to NIST vulnerability database alarms researchers

Accelerating Safe and Secure AI Adoption with ATO for AI: stackArmor Comments on OMB AI Memo - We appreciate the opportunity to comment on the proposed Memo on Agency Use of Artificial Intelligence. Ensuring agencies have access to adequate IT infrastructure,. We base our remarks on our experience helping US Federal agencies transform their ...
1 year ago Securityboulevard.com
CMMC v2.0 vs NIST 800-171: Understanding the Differences - The NIST SP 800-171 lays out the requirements for any non-federal agency that handles controlled unclassified information, or other sensitive federal information. DFARS does not address the CMMC at all but a new clause is currently being drafted for ...
11 months ago Securityboulevard.com
NIST Fortifies Chatbots and Self-Driving Cars Against Digital Threats - In a landmark move, the US National Institute of Standards and Technology has taken a new step in developing strategies to fight against cyber-threats that target AI-powered chatbots and self-driving cars. The Institute released a new paper on ...
11 months ago Infosecurity-magazine.com
What is the NIST Cybersecurity Framework? Definition from SearchSecurity - The NIST Cybersecurity Framework provides guidance on how to manage and reduce IT infrastructure security risk. NIST created the CSF to help private sector organizations in the United States develop a roadmap for critical infrastructure ...
11 months ago Techtarget.com
How AI can be hacked with prompt injection: NIST report - As AI proliferates, so does the discovery and exploitation of AI cybersecurity vulnerabilities. Prompt injection is one such vulnerability that specifically attacks generative AI. In Adversarial Machine Learning: A Taxonomy and Terminology of Attacks ...
9 months ago Securityintelligence.com
Update delays to NIST vulnerability database alarms researchers - Vital data used to protect against cyberattacks is missing from more than 2,000 of the latest entries in the world's most widely used vulnerability database. A significant number of new CVEs added to the National Vulnerability Database in recent ...
9 months ago Packetstormsecurity.com
Researchers extract RSA keys from SSH server signing errors - A team of academic researchers from universities in California and Massachusetts demonstrated that it's possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH ...
1 year ago Bleepingcomputer.com
CVE-2023-45666 - stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it ...
1 year ago Tenable.com
Major Database Security Threats and How to Prevent Them | Tripwire - Cybercriminals can also attempt to seize control of the organization’s data management system, altering privileges so they can gain database access at any time. Data loss prevention (DLP) solutions can do a lot to prevent occurrences like ...
2 months ago Tripwire.com
Database Security - In today's rapidly evolving digital landscape, marked by the ascendancy of Artificial Intelligence and the ubiquity of cloud computing, the importance of database security has never been more pronounced. Effective database security strategies not ...
11 months ago Feeds.dzone.com
Researchers Uncover Simple Technique to Extract ChatGPT Training Data - Can getting ChatGPT to repeat the same word over and over again cause it to regurgitate large amounts of its training data, including personally identifiable information and other data scraped from the Web? The answer is an emphatic yes, according to ...
1 year ago Darkreading.com
NIST Getting Outside Help for National Vulnerability Database - NIST announced on Wednesday that it will be receiving outside help to get the National Vulnerability Database back on track within the next few months. The organization informed the cybersecurity community in February that it should expect delays in ...
6 months ago Securityweek.com
NIST: No Silver Bullet Against Adversarial Machine Learning Attacks - NIST has published a report on adversarial machine learning attacks and mitigations, and cautioned that there is no silver bullet for these types of threats. Adversarial machine learning, or AML, involves extracting information about the ...
11 months ago Securityweek.com
NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stopped - A recent rise in software vulnerability exploits has come as the US National Vulnerability Database, the world's most comprehensive vulnerability database, experiences its most significant crisis in history. After experiencing a vulnerability ...
7 months ago Infosecurity-magazine.com
Top 7 Database Security Best Practices - Whether you're managing sensitive customer information or intricate analytics, database security should be at the top of your priority list. This article dives deep into the top 7 database security best practices that will help you fortify your ...
6 months ago Securityboulevard.com
Google Researchers' Attack Prompts ChatGPT to Reveal Its Training Data - A team of researchers primarily from Google's DeepMind systematically convinced ChatGPT to reveal snippets of the data it was trained on using a new type of attack prompt which asked a production model of the chatbot to repeat specific words forever. ...
1 year ago 404media.co
CVE-2009-3874 - Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary ...
6 years ago
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
5 months ago Helpnetsecurity.com
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
5 months ago Helpnetsecurity.com
The US National Institute of Standards and Technology Announces the Successful Encryption Algorithm for Securing Internet of Things Data - The National Institute of Standards and Technology (NIST) recently announced that ASCON was the winning bid for its Lightweight Cryptography Program. This program was designed to find the best algorithm to protect small Internet of Things (IoT) ...
1 year ago Bleepingcomputer.com
How the New NIST 2.0 Guidelines Help Detect SaaS Threats - The SaaS ecosystem has exploded in the six years since the National Institute of Standards and Technology's cybersecurity framework 1.1 was released. Back in 2016-2017, when version 1.1 was initially drafted, SaaS held a small but significant place ...
9 months ago Bleepingcomputer.com
NIST NVD Disruption Sees CVE Enrichment on Hold - Since February 12, 2024, NIST has almost completely stopped enriching software vulnerabilities listed in its National Vulnerability Database, the world's most widely used software vulnerability database. Tom Pace, CEO of firmware security provider ...
9 months ago Infosecurity-magazine.com
Wordfence Intelligence Weekly WordPress Vulnerability Report - Last week, there were 95 vulnerabilities disclosed in 65 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 33 Vulnerability Researchers that contributed to WordPress ...
10 months ago Wordfence.com
Windows 10 KB5037768 update released with new features and 20 fixes - Microsoft has released the KB5037768 cumulative update for Windows 10 21H2 and Windows 10 22H2 with twenty changes, including account notifications in the Start Menu and Widgets on the lock screen. KB5037768 is a mandatory Windows 10 cumulative ...
7 months ago Bleepingcomputer.com
Misconfigured Firebase Instances Expose 125 Million User Records - Hundreds of websites misconfigured Google Firebase, leaking more than 125 million user records, including plaintext passwords, security researchers warn. It all started with the hacking of Chattr, the AI hiring system that serves multiple ...
9 months ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)