CVSS Archives - Help Net Security

CVSS

How can CISOs catch up with the security demands of their ever-growing networks?

November 11, 2022

Vulnerability management has always been as much art as science. However, the rapid changes in both IT networks and the external threat landscape over the last decade have …

Elevation of Privilege is the #1 Microsoft vulnerability category

May 25, 2022

BeyondTrust announced the release of a report which includes the latest annual breakdown of Microsoft vulnerabilities by category and product, as well as a six-year trend …

The SOC is blind to the attackable surface

April 12, 2021

A security operations center (SOC) is the central nervous system of any advanced cybersecurity program. Yet even the most well-funded, highly organized and properly equipped …

When it comes to vulnerability triage, ditch CVSS and prioritize exploitability

February 10, 2021

When it comes to software security, one of the biggest challenges facing developers today is information overload. Thanks in part to the widespread proliferation and use of …

Three ways MITRE ATT&CK can improve your organizational security

February 8, 2021

There’s a good reason everyone’s talking about MITRE ATT&CK: it’s an objective, third-party standard with which organizations can measure their own detection coverage, as …

Number of ICS vulnerabilities disclosed in 2020 up significantly

February 5, 2021

Throughout the second half (2H) of 2020, 71% of industrial control system (ICS) vulnerabilities disclosed were remotely exploitable through network attack vectors, according …

Most ICS vulnerabilities disclosed this year can be exploited remotely

August 20, 2020

More than 70% of ICS vulnerabilities disclosed in the first half of 2020 can be exploited remotely, highlighting the importance of protecting internet-facing ICS devices and …

Fixing all vulnerabilities is unrealistic, you need to zero in on what matters

June 24, 2020

As technology constantly advances, software development teams are bombarded with security alerts at an increasing rate. This has made it nearly impossible to remediate every …

You are focusing too much on vulnerabilities that pose little danger

March 2, 2020

Only half of the vulnerabilities in cloud containers ever posed a threat, according to a Rezilion study. The top 20 most popular container images on DockerHub were analyzed to …

Older vulnerabilities and those with lower severity scores still being exploited by ransomware

September 25, 2019

Almost 65% of top vulnerabilities used in enterprise ransomware attacks targeted high-value assets like servers, close to 55% had CVSS v2 scores lower than 8, nearly 35% were …

CVSS 3.1: Refined and updated for easier adoption by the security community

July 15, 2019

The Forum of Incident Response and Security Teams (FIRST) has published an update of its internationally recognized Common Vulnerability Scoring System (CVSS). CVSS is a …

Vulnerabilities’ CVSS scores soon to be assigned by AI

November 5, 2018

The National Institute of Standards and Technology (NIST) is planning to use IBM’s Watson to evaluate how critical publicly reported computer vulnerabilities are and …

CVSS

How can CISOs catch up with the security demands of their ever-growing networks?

Elevation of Privilege is the #1 Microsoft vulnerability category

The SOC is blind to the attackable surface

When it comes to vulnerability triage, ditch CVSS and prioritize exploitability

Three ways MITRE ATT&CK can improve your organizational security

Number of ICS vulnerabilities disclosed in 2020 up significantly

Most ICS vulnerabilities disclosed this year can be exploited remotely

Fixing all vulnerabilities is unrealistic, you need to zero in on what matters

You are focusing too much on vulnerabilities that pose little danger

Older vulnerabilities and those with lower severity scores still being exploited by ransomware

CVSS 3.1: Refined and updated for easier adoption by the security community

Vulnerabilities’ CVSS scores soon to be assigned by AI

Don't miss

CISA releases free tool for detecting malicious activity in Microsoft cloud environments

Top ways attackers are targeting your endpoints

Why organizations shouldn’t fold to cybercriminal requests

Fake ChatGPT for Google extension hijacks Facebook accounts

A common user mistake can lead to compromised Okta login credentials