Flashpoint Publishes A Blog Post About NVD Slowdown
In a new blog post, Flashpoint talks about the NVD slowdown and what organizations should be thinking about as they work to stay updated on all vulnerabilities.
Last week Flashpoint released its annual Global Threat Intelligence Report, which also covers NVD in depth. Here’s that section, found on page 11:
Beyond CVE: Uncovering the Hidden Vulnerability Landscape
Organizations strictly relying on CVE are likely unaware of nearly a third of known vulnerability risk. Flashpoint has documented over 100,000 vulnerabilities that CVE has failed to report, many of which affect major vendors such as Google and Microsoft. Flashpoint’s non-CVE coverage has also identified a significant number of issues affecting numerous third-party libraries—in addition to zero-day and in-the-wild exploits that are being used by threat actors.
As of February 2024, Flashpoint analysts have cataloged 330 vulnerabilities that were discovered being exploited in the wild, that still do not have a CVE ID. These include vulnerabilities in:
Adobe Reader
Apple iOS
Apple macOS
Google Android
Microsoft SQL Server
Siemens SIMATIC
SolarWinds Orion Platform
As of February 2024, the following have been exploited in some form of malware, yet do not have a CVE ID:
Apache Hadoop
Google Authenticator for Android
PHP
Any vulnerability management team that feels underserved by their current coverage needs visibility into non-CVE issues—especially if they are leveraging legacy or end-of-life software. Having immediate access to actionable data empowers security teams to address issues, sometimes as fast as two weeks compared to CVE.
This entry was posted on April 3, 2024 at 8:16 am and is filed under Commentary with tags Flashpoint. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
You can read the blog post here.