Modernizing Risk-Based Vulnerability Management - March 2023 Update

It’s already March and we’ve been working hard on fresh, new #vulnerabilitymanagement content as winter comes to an end and Spring is upon us — at least for those of us in the northern hemisphere.

This month, we released new research on #vulnerabilitydisclosure growth, the state of vulnerability management, and breakdowns of 14 new vulnerabilities added to the #CISAKEV list. Not only that, but we hosted an educational webinar with Mandiant (part of Google Cloud) on how to use #threatintelligence to maximize your remediation efforts. Enjoy all the new goodies...

VULNERABILITY MANAGEMENT COVERAGE

The State of Vulnerability Management: Chapter One - The Escalating Problem in Vulnerability Management

Vulnerability exploitation is involved in over half of breaches, making it a huge risk to orgs. However, the problem only continues to balloon year over year. In this first chapter of our eBook, The State of Vulnerability Management, we explore how vulnerability management has grown and evolved over time — detailing how attackers are now weaponizing #vulnerabilities quicker than ever.

2022 Vulnerability Disclosure Growth Infographic

To help give enterprise organizations better insight into the current state of vulnerability management, we created the following infographic which features some of the most important statistics around #vulnerabilityexploitation from the last year to help set the stage for why this is such an important problem for security teams to focus on.

CISA adds 14 new vulnerabilities to the Known Exploited Vulnerabilities Catalog in February

During the month of February, the Cybersecurity and Infrastructure Security Agency added 14 new vulnerabilities to the CISA KEV list. The products added to the list include: #ZKFramework, #Mitel, #IBM Aspera Faspex, #Cacti, #MicrosoftOffice, #MicrosoftWindows, #Apple, #Fortra GoAnywhere MFT, #TerraMaster OS, #Intel, #Oracle E-Business Suite, and #SugarCRM.

You can read a breakdown from Nucleus of each vulnerability added to the CISA KEV Catalog here:

LIVESTREAM/PODCAST COVERAGE – On-Demand

Maximizing Vulnerability Remediation Efforts Through the Power of Threat Intelligence

Scott Kuffer, COO of Nucleus Security, and Caleb Hoch, Principal Security Consultant at #Mandiant (now part of Google Cloud), will provide an in-depth look at how enterprise organizations can leverage vulnerability threat intelligence to prioritize their vulnerability remediation efforts.

NUCLEUS PRODUCT UPDATES

New Select Site Scan option when ingesting Rapid7 scans

Nucleus Product Update 3.1

This product update includes the following:

  • A major Tenable.io rework to improve functionality, asset handling, and ingest speeds
  • Additional metadata for Snyk, Prisma Cloud by Palo Alto Networks, and Invicti/Netsparker
  • Several Rapid7 performance improvements to align with recent API changes

NUCLEUS IN THE NEWS

CISA adds ‘high-severity’ ZK Framework bug to vulnerability catalog | SC Media

Patch your Windows PC now to fix 3 zero-day exploits | KimKomando

Two zero-days fixed in Patch Tuesday can escalate privileges to the system level | SC Media

UPCOMING WEBINAR – March 22nd

Taking a Risk-Based Approach to Assessing Your Attack Surface

Scott Kuffer, COO of Nucleus Security, and Tucker Pettis, Senior Manager, Cyber Risk Services at Deloitte, will provide an in-depth look at how enterprise organizations can take a risk-based approach to assessing their #attacksurface.
