Hackaday

This Week In Security: CVSS 0, Chwoot, And Not In The Threat Model

This week a reader sent me a story about a CVE in Notepad++, and something isn’t quite right. The story is a DLL hijack, a technique where a legitimate program’s Dynamic Link Library (DLL) is replaced ...

CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.

CVSS vulnerability triage missed a chained Palo Alto attack that hit 13,000 devices. Five failure classes and the fixes security directors can act on now.
Dark Reading

CVSS 4.0 Is Here, but Prioritizing Patches Still a Hard Problem

The soon-to-be-released Version 4.0 of the Common Vulnerability Scoring System (CVSS) promises to fix a number of issues with the severity metric for security bugs. But vulnerability experts say that ...
Infosecurity-magazine.com

Navigating the Vulnerability Maze: Understanding CVE, CWE, and CVSS

The Forum of Incident Response and Security Teams (FIRST) officially launched the fourth version of the Common Vulnerability Scoring System (CVSS 4.0), in November 2023. CVSS 4.0, the industry ...
Dark Reading

CVSS 4.0 Offers Significantly More Patching Context

The latest version of the Common Vulnerability Scoring System (CVSS version 4.0), released last week, should enable organizations to better assess and manage the risk that a security bug might pose to ...
CSOonline

How EPSS 3.0 is an improvement over previous versions of the threat assessment system

In late 2022, we compared the Exploit Prediction Scoring System (EPSS) and the widely used Common Vulnerability Scoring System (CVSS). Now EPSS 3.0 brings a more comprehensive, efficient, and ...
Bleeping Computer

New CVSS 4.0 vulnerability severity rating standard released

The Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the ...
Hackaday

This Week In Security: CVSS 4, OAuth, And ActiveMQ

We’ve talked a few times here about the issues with the CVSS system. We’ve seen CVE farming, where a moderate issue, or even a non-issue, gets assigned a ridiculously high CVSS score. There are times ...
MedTech Intelligence

The Medical Device Cybersecurity Gap Hiding in Plain Sight

In healthcare, a cyber vulnerability is not just an IT problem. It can quickly become a patient-care problem.” ...
CSOonline

Security researchers find deep flaws in CVSS vulnerability scoring system

Cybersecurity experts from financial giant JPMorganChase say the cybersecurity community is being misled about the severity of vulnerabilities by the CVSS, which threatens to seriously hinder ...
Infosecurity-magazine.com

New CVSS Version Unveiled Amid Rising Cyber Threats

A new version of the Common Vulnerability Scoring System (CVSS 4.0) has been unveiled publicly by the Forum of Incident Response and Security Teams (FIRST) on July 13, 2023. CVSS is the open industry ...