Archive for Flashpoint

Flashpoint Publishes A Blog Post About NVD Slowdown

Posted in Commentary with tags on April 3, 2024 by itnerd

In a new blog post, Flashpoint talks about the NVD slowdown and what organizations should be thinking about as they work to stay updated on all vulnerabilities. 

Last week Flashpoint also released its annual Global Threat Intelligence Report, which digs into NVD in depth. Here's that section, found on page 11:

Beyond CVE: Uncovering the Hidden Vulnerability Landscape 

Organizations strictly relying on CVE are likely unaware of nearly a third of known vulnerability risk. Flashpoint has documented over 100,000 vulnerabilities that CVE has failed to report, many of which affect major vendors such as Google and Microsoft. Flashpoint’s non-CVE coverage has also identified a significant number of issues affecting numerous third-party libraries—in addition to zero-day and in-the-wild exploits that are being used by threat actors. 

As of February 2024, Flashpoint analysts have cataloged 330 vulnerabilities that were discovered being exploited in the wild and that still do not have a CVE ID. These include vulnerabilities in:

  • Adobe Reader 
  • Apple iOS 
  • Apple macOS 
  • Google Android 
  • Microsoft SQL Server 
  • Siemens SIMATIC 
  • Solarwinds Orion Platform 

As of February 2024, the following have been exploited in some form of malware, yet do not have a CVE ID: 

  • Apache Hadoop 
  • Google Authenticator for Android 
  • PHP 

Any vulnerability management team that feels underserved by their current coverage needs visibility into non-CVE issues—especially if they are leveraging legacy or end-of-life software. Having immediate access to actionable data empowers security teams to address issues, sometimes as fast as two weeks compared to CVE.

You can read the blog post here.
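The slowdown the post refers to is NVD's sharp reduction, starting in February 2024, in the enrichment it adds to new CVE records (an NVD-assigned CVSS score, CPE product identifiers, CWE). A vulnerability-management pipeline that keys off those fields will silently treat unenriched CVEs as unknown or low priority. The Python below is an added example, not code from Flashpoint or from this blog: it parses a body in the shape of the NVD 2.0 API JSON (the `vulnerabilities[].cve` records with `vulnStatus`, `metrics` and `configurations`), flags records still awaiting analysis or lacking a CPE match, and falls back to a CNA-supplied ("Secondary") CVSS score when NVD's "Primary" score is absent. The three sample records are constructed, with fictitious CVE IDs.

```python
"""Flag un-enriched records in an NVD 2.0 API response.

Added example (not Flashpoint's or itnerd's code). Field names follow the real
NVD 2.0 schema: vulnerabilities[].cve.{id, published, vulnStatus, metrics,
configurations}. The records below are constructed, with fictitious CVE IDs.
"""
import json
from datetime import datetime, timezone

# Constructed sample in the shape of GET /rest/json/cves/2.0 output.
SAMPLE_NVD_RESPONSE = json.dumps({
    "resultsPerPage": 3,
    "vulnerabilities": [
        {"cve": {  # fully enriched: NVD (Primary) CVSS plus a CPE configuration
            "id": "CVE-2099-0001",
            "published": "2024-02-20T10:00:00.000",
            "vulnStatus": "Analyzed",
            "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov",
                         "cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]},
            "configurations": [{"nodes": [{"cpeMatch": [
                {"criteria": "cpe:2.3:a:example:app:1.0:*:*:*:*:*:*:*", "vulnerable": True}]}]}],
        }},
        {"cve": {  # not enriched at all: no score, no CPE
            "id": "CVE-2099-0002",
            "published": "2024-03-01T10:00:00.000",
            "vulnStatus": "Awaiting Analysis",
            "metrics": {},
        }},
        {"cve": {  # the CNA supplied a Secondary score; NVD has not analysed it
            "id": "CVE-2099-0003",
            "published": "2024-03-05T10:00:00.000",
            "vulnStatus": "Awaiting Analysis",
            "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@example.com",
                         "cvssData": {"baseScore": 7.5, "baseSeverity": "HIGH"}}]},
        }},
    ],
})

# vulnStatus values NVD uses before a record has been analysed.
UNENRICHED_STATUSES = {"Received", "Awaiting Analysis", "Undergoing Analysis"}


def has_cpe(cve):
    """True if NVD attached at least one CPE match (the field scanners key on)."""
    return any(node.get("cpeMatch")
               for cfg in cve.get("configurations", [])
               for node in cfg.get("nodes", []))


def best_cvss(cve):
    """Return (baseScore, type), preferring NVD's Primary score over a CNA's Secondary one."""
    for key in ("cvssMetricV40", "cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
        metrics = cve.get("metrics", {}).get(key, [])
        ordered = ([m for m in metrics if m.get("type") == "Primary"]
                   + [m for m in metrics if m.get("type") != "Primary"])
        if ordered:
            return ordered[0]["cvssData"]["baseScore"], ordered[0].get("type", "Unknown")
    return None, None


def triage(raw_json, now=None):
    """Return (summary, findings) for an NVD 2.0 response body."""
    now = now or datetime(2024, 4, 3, 12, 0, tzinfo=timezone.utc)
    findings = []
    for item in json.loads(raw_json)["vulnerabilities"]:
        cve = item["cve"]
        published = datetime.strptime(cve["published"], "%Y-%m-%dT%H:%M:%S.%f")
        published = published.replace(tzinfo=timezone.utc)
        score, source = best_cvss(cve)
        cpe = has_cpe(cve)
        findings.append({
            "id": cve["id"],
            "status": cve["vulnStatus"],
            "age_days": (now - published).days,
            "cvss": score,
            "cvss_source": source,
            "has_cpe": cpe,
            # Either condition means CPE-driven scanners and CVSS-driven SLAs will miss it.
            "needs_manual_triage": cve["vulnStatus"] in UNENRICHED_STATUSES or not cpe,
        })
    summary = {
        "total": len(findings),
        "unenriched": sum(f["needs_manual_triage"] for f in findings),
        "no_score_at_all": sum(f["cvss"] is None for f in findings),
    }
    return summary, findings


if __name__ == "__main__":
    summary, findings = triage(SAMPLE_NVD_RESPONSE)
    print(summary)
    for f in findings:
        if f["needs_manual_triage"]:
            print(f"{f['id']}: {f['status']}, {f['age_days']} days old, "
                  f"CVSS={f['cvss']} ({f['cvss_source']}), CPE={f['has_cpe']}")
```

In a live pipeline the body would come from the NVD API itself (GET https://services.nvd.nist.gov/rest/json/cves/2.0 with a pubStartDate/pubEndDate window) rather than the constructed sample. The records flagged `needs_manual_triage` are exactly the ones whose risk a CVE/NVD-only process is not yet seeing, and a growing count of them week over week is the measurable symptom of the slowdown the post describes.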

Flashpoint Publishes Research About The Emerging Threat Of PikaBot Malware

Posted in Commentary with tags on February 2, 2024 by itnerd

The team from Flashpoint published a blog post outlining the emerging threat of PikaBot malware.

The team reviewed and validated six infection methods in the PikaBot attack chain that security researchers had identified:

  1. PDF lures
  2. Windows Installer
  3. Phishing emails
  4. .HTA files
  5. Windows Script Files
  6. .XLL files

You can read the blog here: https://flashpoint.io/blog/emerging-threat-pikabot-malware/

Flashpoint Details The Evolution Of Information-Stealing Malware

Posted in Commentary with tags on January 15, 2024 by itnerd

Information-stealing malware, known as "stealers," has evolved significantly from its origins in banking trojans. Today these stealthy programs have become a tool of choice for cybercriminals, because they are lightweight and can scrape a wide range of sensitive data.

This topic is covered in a new blog post from Flashpoint. The blog covers:

  • The stealers' evolution, from the ZeuS trojan to today's sophisticated versions.
  • How simplicity, source code availability, and low cost drive their use.
  • How their methods work, from initial infection to data exfiltration.
  • How cybercriminals exploit stolen data, including selling credentials and unauthorized account access.

You can read this blog post here: https://flashpoint.io/blog/evolution-stealer-malware/

Flashpoint Offers An Analysis Of ALPHV’s Downfall In A Blog Post

Posted in Commentary with tags on December 20, 2023 by itnerd

The Flashpoint analyst team wrote a blog post late yesterday about the downfall of ALPHV/BlackCat and the law-enforcement crackdown on the ransomware group. The post makes for interesting reading about one of the most notorious ransomware groups.

You can read the blog post here:  https://flashpoint.io/blog/alphvs-downfall-crackdown-blackcat-ransomware/

Flashpoint Finds Over 100,000 Hidden Vulnerabilities Beyond CVE

Posted in Commentary with tags on December 5, 2023 by itnerd

I wanted to highlight a blog post from Flashpoint's Brian Martin announcing that the company has identified over 100,000 hidden vulnerabilities beyond what CVE reports.

What does missing vulnerability data mean for organizations?

  1. Facing the unseen danger: Vulnerability management programs that heavily rely on CVE data are likely operating on less than 70 percent of known vulnerability risk.
  2. The hidden threats in plain sight: VulnDB’s non-CVE ID collection includes zero-days and discovered-in-the-wild vulnerabilities. There are known instances of threat actors using them in recent cyberattacks.
  3. A wake-up call for major vendors: Non-CVE vulnerabilities also affect major vendors such as Google, Microsoft, Adobe, Apple, and more. They also affect well-known third-party libraries—a market historically underserved by MITRE, which administers the CVE Program.
  4. Specialized industries, specialized risks: For organizations in highly specialized industries like manufacturing, medical, and blockchain technology, VulnDB’s non-CVE collection is particularly beneficial.
  5. Easier triage and prioritization: VulnDB makes triaging and prioritizing non-CVE vulnerabilities easier. Every vulnerability entry (non-CVE or CVE) is standardized, containing up to 60 distinct classifications based on the disclosure, and also captures public citations, exploit details, and CVSSv2 and CVSSv3 scores.

You can read the blog post here:  https://flashpoint.io/blog/vulndb-uncovers-hidden-vulnerabilities-cve/

Flashpoint Releases A New Blog Post Related To AI

Posted in Commentary with tags on November 4, 2023 by itnerd

Flashpoint has just released a new blog post that should interest you. It's called Navigating the AI Threat Landscape: From Executive Orders to Cyber Frontlines.

The post covers the good, the bad and the challenging of AI, including the White House's recent Executive Order. Flashpoint talks about AI threats, AI as a force multiplier for low-level attacks, the five AI brands most commonly used by threat actors, and the rise of custom-built malicious AI models such as WormGPT and FraudGPT.

You can read the blog post here.

Beyond the Ballot: Navigating Digital Threats with Election Security – A Blog Post From Flashpoint

Posted in Commentary with tags on October 28, 2023 by itnerd

Flashpoint published a blog post today about election security, a timely topic given the times we live in.

The blog covers protecting election security, the election security landscape, countering election threats and empowering election security.

You can read the blog post here: https://flashpoint.io/blog/digital-threats-election-security/.

Flashpoint releases H1 Cyber Threat Intelligence Index 

Posted in Commentary with tags on September 7, 2023 by itnerd

Flashpoint released its H1 Cyber Threat Intelligence Index: https://flashpoint.io/blog/cyber-threat-intelligence-index-2023-midyear/.

Here are just a few of the points in the report: 

Flashpoint digs into the activity from ransomware groups over the past 12 months. Regarding ransomware, Flashpoint found:

  • The most headline-grabbing cyber extortion event in the first half of 2023 was (and continues to be) the impact of the Clop ransomware group, which began exploiting the MOVEit zero-day vulnerability in May to gain illegal access to a wide range of victims. 
  • As of August 9, the total number of victims—those posted on Clop’s ransomware blog combined with data from Flashpoint’s Cyber Risk Analytics (CRA) platform—totaled more than 650. This number includes companies that were directly attacked by Clop as well as third-party victims. 

Regarding vulnerabilities over the past six months:

  • 14,201 new vulnerabilities were reported in H1 2023, and 2,189 of them were missed by the Common Vulnerabilities and Exposures (CVE) and National Vulnerability Database (NVD). 
  • Over 36 percent of H1’s disclosed vulnerabilities have a working proof-of-concept or a known public exploit, giving low-level attackers an opportunity to compromise vulnerable systems. 

Regarding Data Breaches over the past 6 months, Flashpoint found:

  • In H1 2023, Flashpoint analysts identified 2,893 data breach events, resulting in the loss of 5.94 billion records.
  • The highest number of breaches were recorded in the US. 

Flashpoint’s H1 2023 report also digs into Malware IOCs and Insider Threats. 

Flashpoint Releases H1 Cyber Threat Intelligence Index 

Posted in Commentary with tags on August 29, 2023 by itnerd

Flashpoint has released its H1 Cyber Threat Intelligence Index. Here are just a few of the points in the report:  

Flashpoint digs into the activity from ransomware groups over the past 12 months. Regarding ransomware, Flashpoint found:

  • The most headline-grabbing cyber extortion event in the first half of 2023 was (and continues to be) the impact of the Clop ransomware group, which began exploiting the MOVEit zero-day vulnerability in May to gain illegal access to a wide range of victims.
  • As of August 9, the total number of victims—those posted on Clop’s ransomware blog combined with data from Flashpoint’s Cyber Risk Analytics (CRA) platform—totaled more than 650. This number includes companies that were directly attacked by Clop as well as third-party victims.  

Regarding vulnerabilities over the past six months:

  • 14,201 new vulnerabilities were reported in H1 2023, and 2,189 of them were missed by the Common Vulnerabilities and Exposures (CVE) and National Vulnerability Database (NVD). 
  • Over 36 percent of H1’s disclosed vulnerabilities have a working proof-of-concept or a known public exploit, giving low-level attackers an opportunity to compromise vulnerable systems.  

Regarding Data Breaches over the past 6 months, Flashpoint found:

  • In H1 2023, Flashpoint analysts identified 2,893 data breach events, resulting in the loss of 5.94 billion records.
  • The highest number of breaches were recorded in the US.  

Flashpoint’s H1 2023 report also digs into Malware IOCs and Insider Threats. 

You can read the report here.

Flashpoint Releases July Cyber Threat Intelligence Index

Posted in Commentary with tags on August 17, 2023 by itnerd

Flashpoint has published its July 2023 Cyber Threat Intelligence Index. Here are some numbers from July:

  • 515 ransomware attacks
  • 1,994 new vulnerabilities, 312 of which were missed by the Common Vulnerabilities and Exposures (CVE) and National Vulnerability Database (NVD)
  • 529 data breach events

The Index also deals with Insider Threats and the state of malware. You can read it here.