Wade Hansen, MBA⚡️’s Post

CISA's Known Exploited Vulnerabilities catalog shouldn't be your only source of threat intelligence. @RobLemos digs into why. Exploited Vulnerabilities Can Take Months to Make KEV List https://lnkd.in/duxSVXVB #DRTheEdge

This article highlights the critical need for companies to diversify their threat intelligence sources. In today's rapidly evolving threat landscape, relying solely on the KEV list for vulnerability management programs will not be sufficient. What additional sources of threat intelligence do you currently leverage to stay ahead of emerging cybersecurity threats? #Cybersecurity #ThreatIntelligence

@DarkReading CISA's Known Exploited Vulnerabilities catalog shouldn't be your only source of threat intelligence. @RobLemos digs into why. Exploited Vulnerabilities Can Take Months to Make KEV List https://lnkd.in/eFb_hdbs #DRTheEdge

CISA's Known Exploited Vulnerabilities catalog shouldn't be your only source of threat intelligence. @RobLemos digs into why. Exploited Vulnerabilities Can Take Months to Make KEV List https://lnkd.in/duxSVXVB #DRTheEdge

CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA’s KEV catalog to offer insights into the probability of exploitation and the potential effects of vulnerabilities on your systems. #CVE

MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of all vulnerabilities. What went wrong, and what can be done - https://lnkd.in/e9RUJ2EY

2023 𝗧𝗵𝗿𝗲𝗮𝘁 𝗟𝗮𝗻𝗱𝘀𝗰𝗮𝗽𝗲. In late December, Qualys reported 26,447 disclosed vulnerabilities in 2023, with less than 1% posing the highest risk. Among these, 206 had weaponized exploit code available, significantly increasing the likelihood of compromising target systems. Notably, 109 vulnerabilities with known exploitation evidence were listed in the CISA Known Exploited Vulnerabilities catalog (KEV). To qualify, a vulnerability must have a CVE ID, credible evidence of active exploitation, and a clear remediation action. Over a third of the high-risk vulnerabilities identified could be exploited remotely. CVE (Common Vulnerabilities and Exposures) is a standardized system designed for identifying and naming security vulnerabilities in various software and hardware products. It assigns a unique identifier to each vulnerability, making it simpler to track and reference vulnerabilities across different systems and databases. According to Qualys (source: https://lnkd.in/dycV56tc), the mean time to exploit vulnerabilities in 2023 is 44 days. In several cases, exploits were available on the same day vulnerabilities were published. The CISA KEV catalog, a dynamic list of known exploited vulnerabilities, is continually updated, making it a recommended foundation for organizations' vulnerability management plans, as these vulnerabilities have been observed in the wild to be actively exploited by CISA. 🔹 CVE: https://cve.mitre.org/ 🔹 CISA KEV: https://lnkd.in/giu6eaic #cve #vulnerability #vulnerabilitymanagement (Image credit: Qualys Blog)

75% of new vulnerabilities exploited within 19 days. Last year alone, over 30,000 new vulnerabilities were published, with a new vulnerability emerging approximately every 17 minutes — averaging 600 new vulnerabilities per week, according to Skybox Security. The report highlights a critical gap in remediation efforts, with the average time to patch exceeding 100 days, contrasted against the finding that 75% of new vulnerabilities are exploited in 19 days or less. These findings underscore the urgent need for continuous exposure management and modern vulnerability mitigation strategies to safeguard against the growing risks of cyberattacks. 2023 witnessed a surge in vulnerabilities, with the National Vulnerability Database (NVD) recording a 17% year-over-year increase. Since the inception of the NVD thirty years ago, 234,579 CVEs have been cataloged, yet half of those have been discovered in just the past five years. https://lnkd.in/eeTEhUks

What is the US CISA Known Exploited Vulnerabilities catalog, and Why is it so Important? Found out in this quick 3-minute read: https://lnkd.in/eMerhANs

Tired of Constant CVE Alerts? Build a Zero-CVE Strategy! 🔥 In this blog post by Kunal Verma, we'll learn how to create a robust defense against vulnerabilities and put an end to CVE fatigue. Embrace a more secure environment with practical insights and strategies! Read now 👇 https://lnkd.in/gUG76Dkc #CVE #ZeroCVE #DevSecOps