Wednesday , December 25 2024

FIRST CVSS 4.0
FIRST releases new vulnerability scoring system CVSS 4.0

The Forum of Incident Response and Security Teams (FIRST) has recently announced the release of CVSS v4.0, the latest version of the Common Vulnerability Scoring System (CVSS) standard. This update comes more than eight years after the release of CVSS v3.0 in June 2015.

Version 4.0 of CVSS aims to improve vulnerability assessment for both industry and the public, according to FIRST.

BCSI officially announce National Vulnerability Disclosure Program (NVDP)

Bangladesh Cyber Security Intelligence (BCSI) officially launch the National Vulnerability Disclosure Program (NVDP) to enhance the country's cybersecurity. This initiative...
Read More
BCSI officially announce National Vulnerability Disclosure Program (NVDP)

CVE-2024-9474
Researcher unveil sophisticated backdoor in Palo Alto Networks firewalls

Northwave Cyber Security has found a sophisticated backdoor, LITTLELAMB.WOOLTEA, targeting Palo Alto Networks firewalls. Northwave researcher claimed the backdoor was...
Read More
CVE-2024-9474  Researcher unveil sophisticated backdoor in Palo Alto Networks firewalls

New G-Door Vul Allow Hackers Bypass Microsoft 365 Security With Google Docs

A newly discovered vulnerability called "G-Door" enables malicious actors to bypass Microsoft 365 security by exploiting unmanaged Google Docs accounts....
Read More
New G-Door Vul Allow Hackers Bypass Microsoft 365 Security With Google Docs

CVE-2024-53961
Adobe alerts of critical ColdFusion bug with PoC exploit available

Adobe has issued urgent security updates for ColdFusion versions 2023 and 2021 to fix a critical vulnerability (CVE-2024-53961). This flaw...
Read More
CVE-2024-53961  Adobe alerts of critical ColdFusion bug with PoC exploit available

Splunk targets Bangladeshi market: Investing in local talent

Splunk, a unified security and observability platform turn its focuses on Bangladeshi market. On Monday (23 December) Splunk's local partner...
Read More
Splunk targets Bangladeshi market: Investing in local talent

Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE

A major security flaw in Craft CMS, a popular PHP content management system, has been found, enabling unauthenticated remote code...
Read More
Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE

For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future

Mastercard has completed its acquisition of Recorded Future, an AI-based threat intelligence provider. Mastercard has acquired the company for $2.65...
Read More
For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future

Eight New ICS Advisories released by CISA

CISA has released eight advisories on vulnerabilities in Industrial Control Systems (ICS). These vulnerabilities affect essential software and hardware in...
Read More
Eight New ICS Advisories released by CISA

Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI

Bank Rakyat Indonesia (BRI), the largest state bank by assets, has assured customers that their data and funds are secure...
Read More
Authority Denies  Hacker claim ransomware attack on Indonesia’s state bank BRI

London-based company “Builder.ai” reportedly exposed 1.2 TB data

Cybersecurity researcher Jeremiah Fowler reported to Website Planet that he found a non-password-protected 1.2 TB dataset containing over 3 million...
Read More
London-based company “Builder.ai” reportedly exposed 1.2 TB data

CVSS is used to measure the severity of security vulnerabilities. It assigns a numerical score to each vulnerability, which can be translated into levels like low, medium, high, and critical. This helps organizations prioritize their vulnerability management.

In July 2019, an important update was made to CVSS v3.1. It highlighted that CVSS is meant to gauge the seriousness of a vulnerability and should not be the sole factor in evaluating risk.

CVSS v3.1 has received criticism for its scoring scale and for not properly representing health, human safety, and industrial control systems.

The new standard has added extra metrics to assess vulnerabilities. These metrics include Safety (S), Automatable (A), Recovery (R), Value Density (V), Vulnerability Response Effort (RE), and Provider Urgency (U).

It introduces new names for scoring CVSS. The new names are Base (CVSS-B), Base + Threat (CVSS-BT), Base + Environmental (CVSS-BE), and Base + Threat + Environmental (CVSS-BTE).

“The recommended approach is to emphasize that CVSS encompasses more than just the Base score, and this terminology should be employed whenever a numerical CVSS value is presented or conveyed.”

“The CVSS Base Score should be considered in conjunction with the analysis of the environment and attributes that may change over time.”

Check Also

AI

AI-made nude images incident, one school, 50 female victim

Nearly half of the high school’s female students were victimized in AI based deepfake the …

Leave a Reply

Your email address will not be published. Required fields are marked *