Common Weakness Enumeration

MITRE, Red Balloon Security, and Narf Announce EMB3D™ – A Threat Model for Critical Infrastructure Embedded Devices

Retrieved on: Wednesday, December 13, 2023

Sophisticated cyber adversaries increasingly attempt to exploit these devices, as evidenced by a growing number of CISA ICS advisories identifying significant threats to many life- and safety-critical devices.

Key Points: 
  • The EMB3D™ Threat Model, a collaborative effort by MITRE, Niyo Little Thunder Pearson (ONEGas, Inc.), Red Balloon Security, and Narf Industries, provides a common understanding of the threats posed to embedded devices and the security mechanisms required to mitigate them.
  • These threats are mapped to device properties to help users develop and tailor accurate threat models for specific embedded devices.
  • “Together, we are committed to enhancing the cyber posture of critical infrastructure sectors that rely on Operational Technology (OT) technologies.

Cybellum's Product Security Platform Achieves Mitre's CWE-Compatible Designation

Retrieved on: Wednesday, November 22, 2023

TEL AVIV, Israel, Nov. 22, 2023 /PRNewswire/ -- Cybellum, creators of the award-winning Product Security Platform, announced today that its Product Security Platform has been formally designated as "CWE-Compatible" by the MITRE Corporation's Common Weakness Enumeration (CWE) Compatibility and Effectiveness Program. The designation means that Chief Product Security Officers (CPSOs) and their teams are able to manage the identification of vulnerabilities and associated risks posed to their connected devices within a globally trusted framework.

Key Points: 
  • "Cybellum's Product Security Platform aligns security and compliance teams, developers, and executives around one source of security truth that they can all rely on for ongoing vulnerability monitoring and compliance with the ever-changing landscape of emerging regulations."
  • The collaborative nature of CWE ensures that it remains a dynamic and evolving resource that reflects the latest insights into product security.

Harness Empowers Developers with Generative AI Assistant for the Software Development Life Cycle: Announces the Launch of AIDA™

Retrieved on: Wednesday, June 21, 2023

SAN FRANCISCO, June 21, 2023 /PRNewswire/ -- Harness Inc., the Modern Software Delivery Platform® company, today unveiled its pioneering AI assistant, AIDA (AI Development Assistant), a game-changer for the entire Software Development Life Cycle (SDLC). This innovative approach to AI for software delivery stands in contrast to traditional AI applications in the field that primarily focus on generating and assisting with code development. This comprehensive AI solution is available free of charge to all Harness customers and will be seamlessly integrated across all Harness platform workflows and capabilities, including Continuous Integration (CI), Continuous Deployment (CD), Cloud Cost Management, and Feature Flags.

Key Points: 
  • We're committed to harnessing the potential of generative AI to address real-world developer challenges across the entire lifecycle of code."
  • Harness forecasts a 30-50% boost in software engineering teams' productivity with generative AI.
  • Building upon Harness's legacy of AI for DevOps, AIDA is now redefining and reimagining the use of generative AI for software delivery.

76% of Vulnerabilities Currently Exploited by Ransomware Groups Were Discovered Before 2020, Report Finds

Retrieved on: Thursday, February 16, 2023

Kill chains impact more IT products: A complete MITRE ATT&CK kill chain now exists for 57 vulnerabilities associated with ransomware.

Key Points: 
  • More APT groups are launching ransomware attacks: CSW observed more than 50 Advanced Persistent Threat (APT) groups deploying ransomware to launch attacks—a 51% increase from 33 in 2020.
  • Many vulnerabilities have not yet been added to CISA’s KEV list: While the CISA Known Exploited Vulnerabilities (KEVs) catalog contains 8661 vulnerabilities, 131 of the vulnerabilities associated with ransomware are yet to be added.
  • Old is still gold for ransomware operators: More than 76% of vulnerabilities still being exploited by ransomware were discovered between 2010 and 2019.

Cyber-physical Systems Vulnerability Disclosures Reach Peak, While Disclosures by Internal Teams Increase 80% Over 18 Months

Retrieved on: Tuesday, February 14, 2023

NEW YORK, Feb. 14, 2023 /PRNewswire/ -- Cyber-physical system vulnerabilities disclosed in the second half (2H) of 2022 have declined by 14% since hitting a peak during 2H 2021, while vulnerabilities found by internal research and product security teams have increased by 80% over the same time period, according to the State of XIoT Security Report: 2H 2022 released today by Claroty, the cyber-physical systems protection company. These findings indicate that security researchers are having a positive impact on strengthening the security of the Extended Internet of Things (XIoT), a vast network of cyber-physical systems across industrial, healthcare, and commercial environments, and that XIoT vendors are dedicating more resources to examining the security and safety of their products than ever before.

Key Points: 
  • "Cyber-physical systems power our way of life.
  • Affected Devices: 62% of published OT vulnerabilities affect devices at Level 3 of the Purdue Model for ICS.
  • Mitigations: The top mitigation step is network segmentation (recommended in 29% of vulnerability disclosures), followed by secure remote access (26%) and ransomware, phishing, and spam protection (22%).
  • Special thanks to the entirety of Team82 for providing exceptional support to various aspects of this report and research efforts that fueled it.

AdaCore Collaborates with Synopsys to Offer Ada Static Analysis Solution to Coverity Customers

Retrieved on: Wednesday, December 14, 2022

AdaCore, a trusted provider of software development and verification tools, today announced that it is collaborating with Synopsys Software Integrity Group, a leading provider of advanced application security testing tools, to make AdaCore's GNAT Static Analysis Suite available to Synopsys Coverity static analysis customers.

Key Points: 
  • To support Coverity customers needing static analysis for the Ada programming language, Synopsys is working with the leading Ada expert, AdaCore.
  • Joint customers will be able to use AdaCore's GNAT Static Analysis Suite for Ada, integrated within the Coverity solution, providing a common interface to navigate static analysis results for all languages.
  • The GNAT Static Analysis Suite is a full complement of proven static analysis tools specifically for Ada.

Smaller Code, Higher Performance: Latest IAR Embedded Workbench for RISC-V Leverages CoDense™ from Andes

Retrieved on: Wednesday, November 16, 2022

IAR Systems, the world leader in software and services for embedded development, has just announced the full support of their latest release of IAR Embedded Workbench for RISC-V for the CoDense extension of Andes Technology's AndeStar V5 RISC-V processor.

Key Points: 
  • Andes is a founding Premier member of RISC-V International and a leading supplier of high-performance/low-power 32/64-bit embedded processor IP solutions.
  • For more information on the IAR Embedded Workbench for RISC-V, the functional safety-certified edition of the tool suite, and IAR Systems' overall offering for RISC-V, please visit https://www.iar.com/riscv.

Cyber Security Works reveals 13 vulnerabilities have become newly associated with Ransomware

Retrieved on: Thursday, October 20, 2022

Cyber Security Works' (CSW) latest Ransomware Index Report reveals that 13 vulnerabilities have become newly associated with Ransomware in 2022 Q2 and Q3, taking the overall count to 323 vulnerabilities.

Key Points: 
  • View the full release here: https://www.businesswire.com/news/home/20221018006323/en/
  • 13 new vulnerabilities have become associated with Ransomware in the past two quarters, and 10 out of 13 vulnerabilities have critical severity ratings.
  • 57 Ransomware vulnerabilities have a complete MITRE ATT&CK kill chain; if exploited, these vulnerabilities can lead to a complete takeover of the system.

Strobes Security Announces Its Next Version of Strobes PTaaS, a Continuous and On-Demand Pentesting Platform

Retrieved on: Tuesday, August 2, 2022

PLANO, Texas, Aug. 2, 2022 /PRNewswire-PRWeb/ -- Strobes Security Inc. believes in continuous innovation and development. In the last few years, Strobes Security has released multiple products like VM365, Vulnerability Intelligence, and now they are introducing the next version of Strobes PTaaS.

Key Points: 
  • With Strobes PTaaS, customers can raise a pentest request of any kind, schedule the assessments including the delivery dates and access the vulnerabilities from the platform.
  • Strobes Security products combined with managed services aim to simplify the vulnerability reporting & management process, assuring end-to-end solutions via risk-centered vulnerability management platform.

Sternum Joins NXP Marketplace as Its First Real-time IoT Security and Observability Solution

Retrieved on: Monday, June 20, 2022

Sternum, the pioneer in autonomous IoT security and observability, announces joining the software partner community of NXP Semiconductors, one of the world's leading manufacturers of and largest marketplaces for embedded controllers.

Key Points: 
  • Through this collaboration, IoT manufacturers relying on NXP for their controller supply will be able to seamlessly integrate Sternum's patented security and visibility features into their devices.
  • Sternum successfully addresses the rise of remote runtime attacks against connected devices and as such, is seen as a valuable addition to NXP products.
  • Often lacking both in security and visibility, IoT devices transform entire industries and have emerged as a major gap in companies' security perimeters.