The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization.
The post Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers appeared first on SecurityWeek.
Madhu Gottumukkala Officially Announced as CISA Deputy Director
New CISA Deputy Director Madhu Gottumukkala has joined the agency from South Dakota’s Bureau of Information and Technology.
The post Madhu Gottumukkala Officially Announced as CISA Deputy Director appeared first on SecurityWeek.
New UK Framework Pressures Vendors on SBOMs, Patching and Default MFA
By baking minimum expectations into procurement conversations, the plan is to steer software vendors to “secure-by-design and default” basics.
The post New UK Framework Pressures Vendors on SBOMs, Patching and Default MFA appeared first on SecurityWeek.
US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations
The US government warns of threat actors targeting ICS/SCADA systems at oil and natural gas organizations.
The post US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations appeared first on SecurityWeek.
White House Proposal Slashes Half-Billion from CISA Budget
The proposed $491 million cut is being positioned as a “refocusing”of CISA on its core mission “while eliminating weaponization and waste.”
The post White House Proposal Slashes Half-Billion from CISA Budget appeared first on SecurityWeek.
CISA Issues Guidance After Oracle Cloud Hack
CISA is making recommendations for organizations and users in light of the recent Oracle legacy cloud environment hack.
The post CISA Issues Guidance After Oracle Cloud Hack appeared first on SecurityWeek.
MITRE CVE Program Gets Last-Hour Funding Reprieve
The US government’s cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational.
The post MITRE CVE Program Gets Last-Hour Funding Reprieve appeared first on SecurityWeek.
CISA Analyzes Malware Used in Ivanti Zero-Day Attacks
CISA has published its analysis of Resurge, a SpawnChimera malware variant used in attacks targeting a recent Ivanti Connect Secure zero-day.
The post CISA Analyzes Malware Used in Ivanti Zero-Day Attacks appeared first on SecurityWeek.
NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD
The effects of the backlog is already being felt in vulnerability management circles where NVD data promises an enriched source of truth.
The post NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD appeared first on SecurityWeek.
Trump Administration Halts Funding for Two Cybersecurity Efforts, Including One for Elections
The Trump administration has cut millions of dollars in federal funding from two cybersecurity initiatives, including one dedicated to helping state and local election officials.
The post Trump Administration Halts Funding for Two Cybersecurity Efforts, Including One for Elections appeared first on SecurityWeek.
