Sunday , November 24 2024

FIRST CVSS 4.0
FIRST releases new vulnerability scoring system CVSS 4.0

infosecbulletin Thursday , November 2 2023 Hot Topic, International

The Forum of Incident Response and Security Teams (FIRST) has recently announced the release of CVSS v4.0, the latest version of the Common Vulnerability Scoring System (CVSS) standard. This update comes more than eight years after the release of CVSS v3.0 in June 2015.

Version 4.0 of CVSS aims to improve vulnerability assessment for both industry and the public, according to FIRST.

MITRE discloses 2024 CWE Top 25 critical software flaw

By infosecbulletin / Sunday , November 24 2024
MITRE identified Cross-site scripting as the most critical software flaw in its recent published report of the past year. The...
Read More
MITRE discloses 2024 CWE Top 25 critical software flaw

Python NodeStealer: harvest credit card and Facebook Ads Manager

By infosecbulletin / Sunday , November 24 2024
Jan Michael Alcantara of Netskope Threat Labs reported, Python NodeStealer has resurfaced with advanced techniques and a broader target range....
Read More
Python NodeStealer: harvest credit card and Facebook Ads Manager

Cisco Talos
Over 60% of Emails with QR Codes are spam

By infosecbulletin / Saturday , November 23 2024
Generally scanning a malicious QR code from an unknown source can be harmful. Cisco Talos research shows that many people...
Read More
Cisco Talos Over 60% of Emails with QR Codes are spam

CERT-In Flags Multiple Critical Vulnerabilities in Zoom app

By infosecbulletin / Saturday , November 23 2024
CERT-In issued a security advisory for multiple vulnerabilities in the Zoom app that could let attackers access sensitive information, escalate...
Read More
CERT-In Flags Multiple Critical Vulnerabilities in Zoom app

Daily Security Digest Dated 11/23/24

By infosecbulletin / Saturday , November 23 2024
Every day a lot of cyberattack happenings around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Digest Dated 11/23/24

SafetyDetectives’ Research
Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)

By infosecbulletin / Friday , November 22 2024
SafetyDetectives researchers found that Microsoft Defender was tricked by malware which allowed cryptocurrency theft from a user while analyzing a...
Read More
SafetyDetectives’ Research Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)

Over 145,000 ICS Across 175 Countries Found Exposed Online

By infosecbulletin / Friday , November 22 2024
A study by Censys found that more than 145,000 Industrial Control Systems (ICS) are exposed online in 175 countries, highlighting...
Read More
Over 145,000 ICS Across 175 Countries Found Exposed Online

World to see AI powered “human washing machines”

By infosecbulletin / Friday , November 22 2024
Osaka-based showerhead maker Science Co. is developing a new version of human washing machine based on cutting-edge technology. The company...
Read More
World to see AI powered “human washing machines”

Hacker compromised over 2000 Palo Alto Networks Firewalls

By infosecbulletin / Friday , November 22 2024
Over 2,000 Palo Alto Networks firewalls have been compromised in a widespread attack using two recently patched vulnerabilities (CVE-2024-0012 and...
Read More
Hacker compromised over 2000 Palo Alto Networks Firewalls

“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records

By infosecbulletin / Thursday , November 21 2024
Renowned cybersecurity researcher Jeremiah Fowler uncovered a non-password-protected database having over 1.1 million records linked to Conduitor Limited (Forces Penpals)....
Read More
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records

CVSS is used to measure the severity of security vulnerabilities. It assigns a numerical score to each vulnerability, which can be translated into levels like low, medium, high, and critical. This helps organizations prioritize their vulnerability management.

In July 2019, an important update was made to CVSS v3.1. It highlighted that CVSS is meant to gauge the seriousness of a vulnerability and should not be the sole factor in evaluating risk.

CVSS v3.1 has received criticism for its scoring scale and for not properly representing health, human safety, and industrial control systems.

The new standard has added extra metrics to assess vulnerabilities. These metrics include Safety (S), Automatable (A), Recovery (R), Value Density (V), Vulnerability Response Effort (RE), and Provider Urgency (U).

It introduces new names for scoring CVSS. The new names are Base (CVSS-B), Base + Threat (CVSS-BT), Base + Environmental (CVSS-BE), and Base + Threat + Environmental (CVSS-BTE).

“The recommended approach is to emphasize that CVSS encompasses more than just the Base score, and this terminology should be employed whenever a numerical CVSS value is presented or conveyed.”

“The CVSS Base Score should be considered in conjunction with the analysis of the environment and attributes that may change over time.”

Check Also

bitcoin

SafetyDetectives’ Research
Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)

SafetyDetectives researchers found that Microsoft Defender was tricked by malware which allowed cryptocurrency theft from …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin