Articles about CVE

Despite the fast changing nature of the world of cybersecurity, it seems that when it comes to vulnerabilities there's still a place for the golden oldies.

New research by Rezilion find that more that 4.5 million internet-facing devices are still vulnerable to vulnerabilities discovered between 2010 to 2020. What's more, for most of these vulnerabilities, active scanning/exploitation attempts have taken place in the past 30 days too.

Continue reading →

The latest vulnerability intelligence report from Flashpoint finds that 52 percent of all vulnerabilities reported in the first half of 2022 that were scored 10.0 -- the most severe level -- on CVSS are likely scored incorrectly.

When scoring, CVSSv2 guidelines take a 'score for the worst' approach if details of some of the metrics used are unclear. But the report points out this has resulted in many vulnerabilities being scored a 10.0, even though they are actually less severe, simply due to vendors providing fewer details.

Continue reading →

The final quarter of 2021 saw a 356 percent growth in the number of attacks where the infection vectors were CVE or zero day vulnerabilities compared to Q3.

The latest Threat Landscape report from Kroll shows CVE/zero day exploitation accounted for 26.9 percent of initial access cases over the period, indicating that attackers are becoming more adept at exploiting vulnerabilities, in some cases leveraging them on the same day that the proof-of-concept exploit appears.

Continue reading →

Despite a sharp decrease of 19.2 percent observed earlier in the year, vulnerability disclosures in 2020 are expected to exceed 2019's level according to Risk Based Security.

The company's VulnDB team aggregated 23,269 vulnerabilities disclosed during 2020. Despite the initial disruption from COVID-19, the trend of total number of vulnerabilities suggests that business operations and routines have normalized as the gap has closed to 0.98 percent.

Continue reading →