vulnerabilities

A new report predicts a record-breaking 41,000 to 50,000 new Common Vulnerabilities and Exposures (CVEs) this year, based on data from the National Vulnerability Database (NVD).

The forecast, from the Forum of Incident Response and Security Teams (FIRST), suggests an 11 percent increase compared to 2024, and a whopping 470 percent increase compared to 2023.

A newly-released report from Swimlane shows that a worrying 68 percent of organizations say remediating a critical vulnerability takes them more than 24 hours.

The survey of 500 cybersecurity decision-makers across the US and UK reveals that 37 percent cite the top challenge in prioritization as a lack of context or accurate information. Similarly, 35 percent report this lack of context hampers their remediation efforts.

A new free discovery and lightweight attack surface assessment tool for Microsoft Power Platform aims to address the growing challenge of low-code/no-code (LCNC) shadow engineering.

The tool from Nokod Security offers visibility into LCNC assets created by citizen developers to help security teams know and understand the scale and presence of security risks.

It might sound like a Chinese secret society, but a new report warns that a 'toxic cloud triad' of publicly exposed, critically vulnerable and highly privileged cloud workloads is putting almost four in 10 organizations at risk.

Security gaps caused by misconfigurations, risky entitlements and vulnerabilities combine to dramatically increase cloud risk according to the Tenable Cloud Risk Report.

So far this year, vulnerabilities have risen by 11 percent and the availability of publicly known exploits has increased by six percent.

The latest Cyber Threat Intelligence Index from Flashpoint reveals 17,518 newly disclosed vulnerabilities in the first half of the year. Also, over 45 percent of all vulnerabilities disclosed in H1 2024 are rated high to critical in CVSSv3.

A new report from security testing platform Synack shows a rise in critical-severity vulnerabilities in 2023 compared to 2022.

On a positive note though, despite mounting pressures on security teams, organizations have reduced their mean time to remediation for critical-severity vulnerabilities by 24 days and high-severity vulnerabilities by 18 days, down to 56 and 74 days, respectively.

macOS and iOS have showed an increased exploitation rate of seven percent and eight percent, respectively. Although macOS reduced its total vulnerability by 29 percent from 2023 to 2022, exploited vulnerabilities have increased by over 30 percent.

This is among the findings of the Software Vulnerability Ratings Report from Action1 Corporation which offers insights into vulnerability trends within commonly used enterprise software categories, focusing on exploitation rate and Remote Code Execution (RCE) vulnerabilities.

Patching is something that we all know we have to do. But it is easier said than done. In reality, patching can be hard due to problems around application compatibility, having adequate downtime windows, or more pressing business risks to manage. This can lead to some very serious software problems being left open and vulnerable to exploitation.

Here are three examples of common software vulnerabilities that existed for years with updates available, yet are still regularly targeted by threat actors.

According to new research 82 percent of companies report an increase in the gap between the number of vulnerabilities/exposures in their environment and their ability to remediate them.

The 2024 State of Security Posture Survey from XM Cyber is based on a survey of 300 CISOs and security decision-makers from large organizations in the US and UK, and shows 62 percent of security and IT teams actively engage in the remediation of exposures or vulnerabilities, handling an average of 12 per week.