National Vulnerability Database

Action1 Unveils Free Vulnerability Assessment at RSAC 2024 To Close the Vulnerability Awareness Gap

Retrieved on: Tuesday, May 7, 2024

San Francisco, CA, May 07, 2024 (GLOBE NEWSWIRE) -- Action1 Corporation, a provider of the integrated real-time vulnerability discovery and patch management automation solution, today at RSAC 2024™ introduced free vulnerability assessment.

Key Points: 
  • According to the Action1 2023 State of Vulnerability Remediation Report, 47% of breaches resulted from known security vulnerabilities.
  • The Action1 free vulnerability assessment service provides organizations with comprehensive insights into vulnerabilities on their endpoints, including identifying CVEs persisting in applications and operating systems, missing updates, and outdated software.
  • To access the free vulnerability assessment service, organizations can create an Action1 account and install the agents on their endpoints.

Protect AI Named Cutting Edge Machine Learning Security Operations (MLSecOps) Solution at RSA Conference 2024

Retrieved on: Tuesday, May 7, 2024

RSA CONFERENCE -- Protect AI, the leading artificial intelligence (AI) and machine learning (ML) security company, today announced that it was voted Cutting Edge Machine Learning Security Operations (MLSecOps) Solution in the Cyber Defense Magazine (CDM) 2024 Global InfoSec Awards.

Key Points: 
  • Winners were announced here, and the company will demonstrate the Protect AI platform at Booth 1655 in the Moscone South Expo.
  • “Being named Cutting Edge MLSecOps Solution at the RSA Conference by the Global InfoSec Awards further reinforces Protect AI’s status as the premier platform in AI/ML security,” said Ian Swanson, CEO of Protect AI.
  • Protect AI’s end-to-end AI/ML security platform includes:
    Radar is a comprehensive solution for AI security posture management, providing organizations with end-to-end visibility across their entire ML supply chain, including models, data, AI applications, and ML pipelines.

Protect AI Releases Sightline, the Most Comprehensive AI/ML Vulnerability Database

Retrieved on: Monday, May 6, 2024

Protect AI today unveiled Sightline, the most comprehensive artificial intelligence (AI) and machine learning (ML) supply chain vulnerability database.

Key Points: 
  • Yet, existing vulnerability databases lack breadth of AI coverage, fail to provide necessary details on AI risks, and don’t address all the complexities of securing AI applications and ML models.
  • Traditional vulnerability databases fall short, a gap that Sightline uniquely addresses,” said Ian Swanson, CEO of Protect AI.
  • Sightline revolutionizes how enterprises secure their AI applications and ML models by offering a comprehensive vulnerability database that surpasses traditional sources with original security research tailored to AI and ML technologies.

Lacework Reduces Security Friction for Developers, Introduces Smart Fix Automated Remediation

Retrieved on: Thursday, May 2, 2024

MOUNTAIN VIEW, Calif., May 2, 2024 /PRNewswire/ -- Lacework, the data-driven security company, today announced a range of updates to its code security offering headlined by Smart Fix, a new capability for automated risk remediation. Initially released to identify and navigate common vulnerabilities and exposures (CVEs) in third-party and open-source software, Smart Fix will later extend to the full Lacework platform to improve remediation across the entire cloud-native application lifecycle.

Key Points: 
  • Now, with Lacework Smart Fix, the unparalleled speed and accuracy of Lacework code security comes with automatic remediation for third-party code vulnerabilities.
  • For both developers and security engineers, Smart Fix helps avoid expensive patching exercises and provides clear guidance for remediation that will have the biggest positive security outcomes.
  • Over time, Lacework will extend its Smart Fix technology to intelligently reduce risk across other security domains including further aspects of code security, identities and entitlements, attack paths, and infrastructure as code (IaC) security.

Sonatype Uncovers Millions of Previously Hidden Open Source Vulnerabilities Through Unique Shaded Vulnerability Detection System

Retrieved on: Thursday, May 2, 2024

Fulton, Md., May 02, 2024 (GLOBE NEWSWIRE) -- Sonatype, the software supply chain optimization company, today announced it has identified 336,000 previously undetectable, “Critical” open source vulnerabilities through a new, first-of-its-kind shaded vulnerability detection capability in the Sonatype platform that revolutionizes the identification of hidden security threats within open source code.

Key Points: 
  • This industry-first data enhancement comes from a novel, Sonatype-created algorithm capable of detecting vulnerabilities in "shaded" open source files—a technique in which original code is repackaged, often making detection by traditional means impossible.
  • Our commitment is to provide the deepest, most comprehensive insights into open source vulnerabilities, coupled with the tools and automation necessary to boost developer productivity while minimizing security risks."
  • "While no one wants to see more vulnerabilities discovered in open source, sunshine is, as they say, the best disinfectant.

Vicarius Launches vstore and vacademy to Expand Thriving Vulnerability Research Community

Retrieved on: Wednesday, May 1, 2024

Additionally, with the upcoming release of vacademy, users will be able to earn vcoins by completing challenges or participating in CTFs.

Key Points: 
  • The platform has seen impressive growth with over 2,000 active members and a thriving Discord community.
  • With vacademy, participants can enroll in courses and participate in hands-on learning led by community instructors.
  • vstore will open its digital doors May 10, 2024 while vacademy will be launched in Q3 of this year.

VulnCheck Adds Common Platform Enumeration (CPE) Data to its NVD++ Service to Improve Vulnerability Prioritization

Retrieved on: Monday, March 25, 2024

VulnCheck, the exploit intelligence company, today announced it is enhancing its Community Tier service, NVD++, with Common Platform Enumeration (CPE) data currently missing from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD).

Key Points: 
  • By enriching NVD++ with CPE data, VulnCheck is helping solve an industry-wide issue, enabling defenders to identify vulnerable assets for newly published Common Vulnerabilities and Exposures (CVEs) in the NVD.
  • CPE data plays a crucial role in vulnerability management by providing a standardized method for identifying and documenting software applications, operating systems, and hardware components.
  • The source data VulnCheck used to produce “known vulnerable configurations” containing CPEs in NVD++ is the same used by NIST.

VulnCheck Introduces VulnCheck NVD++ as a Reliable, High-Performance Alternative to the NIST NVD 2.0 API

Retrieved on: Thursday, March 14, 2024

VulnCheck NVD++ is the latest addition, providing members with a stable, high-performance source of NVD 2.0 CVE data via API or downloadable JSON files, as well as the ability to access NVD 1.0, which is also maintained under VulnCheck NVD++.

Key Points: 
  • VulnCheck NVD++ solves these challenges with a reliable, persistent connection to our Community NVD 2.0 API that operates at machine speed.
  • In December 2023, VulnCheck announced its first Community resource: perpetual support and maintenance of the NIST NVD 1.0 API, ahead of the migration deadline.
  • VulnCheck NVD++ bundles the 2.0 API with the previously released 1.0 API, including downloadable JSON backup files for each, into a single resource.

DarkLight Introduces Game-Changing Risk Reanalysis Capability and Expands Application of Threat Intelligence and Enrichment Sources

Retrieved on: Wednesday, March 27, 2024

SEATTLE, March 27, 2024 /PRNewswire/ -- DarkLight, a leading provider of cutting-edge cybersecurity solutions, is proud to announce the daily, automatic application of the latest threat intelligence and enrichment sources into its flagship product, Cyio.

Key Points: 
  • Additionally, DarkLight introduced several new intelligence and enrichment sources to better inform the identification and prioritization of risk.
  • Through automatic application of cybersecurity tradecraft, and the recent integration with mail handlers, Cyio now accommodates the entire risk management lifecycle – from risk identification and prioritization to risk mitigation and remediation.
  • Soon, DarkLight will integrate MITRE ATT&CK and CVE to MITRE ATT&CK Mapping to unveil mitigation or workaround options alongside remediations.

BackBox Unveils Major Update to Network Vulnerability Manager, Enhancing CVE Mitigation and Risk Scoring

Retrieved on: Tuesday, March 26, 2024

DALLAS, March 26, 2024 /PRNewswire/ -- After releasing Network Vulnerability Manager (NVM) in Q4 2023, BackBox, a leader in security-centric automation for network teams, has announced a major platform feature update that gives customers the ability to mark irrelevant or already-mitigated Common Vulnerabilities and Exposures (CVEs) as "mitigated," helping network teams manage CVEs and their relevance to the organization.

Key Points: 
  • BackBox has also improved its User Interface (UI) to help network engineers manage mitigated CVEs and give them the flexibility to view their organization's risk posture either by CVE or by device.
  • "Our customers appreciate that we make network vulnerability management easy by empowering them to see their risk scores update in real-time through the CVE 'mitigated' feature and closed-loop remediation," said BackBox CEO Andrew Kahl.
  • BackBox launched Network Vulnerability Manager in October 2023 to integrate automated OS upgrades and network configuration management capabilities with network vulnerability management into common workflows.
  • NVM is purpose-built for network teams to easily discover vulnerabilities in their network, prioritize CVEs according to their unique risk profile, and automate remediation, no matter the network complexity.