Black Kite’s Post

CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA’s KEV catalog to offer insights into the probability of exploitation and the potential effects of vulnerabilities on your systems. #CVE

The headline is a bit alarmist, but a good time to remind you to: ▶️ review the required patches ▶️ perform your risk assessment ▶️ test your patches in a controlled environment ▶️ then roll out across the network It's important to note that just because a patch is not critical or important doesn't mean that I doesn't need to be installed. Many exploits are chained that take advantage of lower risk vulnerabilities first then escalate the attack. https://lnkd.in/eNve_eF6

CVE count set to rise by 25% in 2024 The report from Coalition indicates an anticipated 25% rise in the total count of published common vulnerabilities and exposures (CVEs) for 2024, reaching 34,888 vulnerabilities, equivalent to approximately 2,900 per month

Tired of Constant CVE Alerts? Build a Zero-CVE Strategy! 🔥 In this blog post by Kunal Verma, we'll learn how to create a robust defense against vulnerabilities and put an end to CVE fatigue. Embrace a more secure environment with practical insights and strategies! Read now 👇 https://lnkd.in/gUG76Dkc #CVE #ZeroCVE #DevSecOps

Threat Brief: ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709)

In case you are wondering why vulnerabilities are slow to show up in your monthly scan results...

Have you guys seen this CVE prio tool? Looks useful: Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time threat information, gain a competitive advantage, and stay informed about the latest trends. Kudos Mario R.

CVE_Prioritizer is a powerful tool that helps you prioritize vulnerability patching by combining CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. It provides valuable insights into the likelihood of exploitation and the potential impact of vulnerabilities on your information system. https://lnkd.in/gvAVm4Pg #informationsecurity #github #cve #cisa

This year, the Expel SOC has already seen 20 severe vulnerabilities identified and exploited. We shine a light on the most dangerous of those vulnerabilities and tell you how to protect your org. https://okt.to/HBMECh

Specifically in #vulnerabilitymanagement using a vulnerability scanner such as Wiz, a code repo like GitHub or GitLab, and a ticketing system like ServiceNow or Jira, mapping can clarify when a vulnerability is marked high priority, when a ticket is created, who owns the ticket, what activity is taken to resolve the ticket in GitHub (or in the CI/CD), and when the ticket is closed and by whom. Over time, the security process fabric provides a longitudinal view of security processes. This will allow #CISOs to develop and track a new set of metrics that will measure process efficiency and progress in making processes more efficient. Security has always been a process but the lack of programmatic capture of processes has made them subject to recall error and high variability, generating security bottlenecks. Adding process mapping and incorporating process data plus contextual metadata that explains who, what, and why into a security process fabric finally closes the loop on security transparency. #riskprioritization #processintelligence