CVE | CWE

The 2024 #CWE Top 25 Most Dangerous #Software Weaknesses list is now available! See the the most severe and prevalent weaknesses behind the 31,770 #CVE Records  in this year’s dataset. Take a look and share your thoughts! https://lnkd.in/dMSCdGkH

📢  Exciting News 📢 The new 2024 CWE™ Top 25 Most Dangerous Software Weaknesses are here! This year’s list highlights the most severe and prevalent weaknesses behind the 31,770 CVE® Records in this year’s dataset. A huge thank you to the 148 CNAs that contributed their time and expertise towards data review. Let’s work together and use this knowledge to build more secure software and protect our digital ecosystem! #CWETop25 #Cybersecurity #VulnerabilityManagement #InformationSecurity

As detailed in this Forbes article, National Institute of Standards and Technology (NIST) researchers have released a comprehensive analysis on various hardware security failure scenarios based on the hardware CVE | CWE common weakness enumeration (CWE). The article highlights the seven major categories of hardware vulnerabilities outlined in the report, each representing a different way devices could be compromised. "Hardware is often assumed to be robust from a security perspective," the researchers note. However, modern computer chips contain millions of components and embedded software, often called firmware. Unlike software vulnerabilities that can be patched with updates, hardware flaws are physically embedded in silicon—making them extremely difficult and expensive to fix.” As a result of his participation in the CWE Board and Special Interest Group (HW CWE SIG), Cycuity CTO Jason Oberg provided the NIST team early feedback on the report prior to its publication. #cybersecurity #hardwaresecurity #NIST https://lnkd.in/gaZjMS8m

🔒 MITRE CVE | CWE publica la lista de las 25 vulnerabilidades más comunes y peligrosas del software de 2023-2024, identificadas como las más comunes y peligrosas detrás de más de 31.000 vulnerabilidades reportadas entre junio de 2023 y junio de 2024. Las vulnerabilidades incluyen fallos, errores y vulnerabilidades en el código, diseño, arquitectura o implementación de las aplicaciones. Estas fallas pueden ser aprovechadas por atacantes para comprometer sistemas, acceder a datos sensibles, tomar el control de dispositivos afectados o incluso causar ataques de denegación de servicio (DoS). Con frecuencia, son fáciles de identificar y explotar, permitiendo a los adversarios tomar control completo de un sistema, robar datos o impedir el funcionamiento de aplicaciones. Este ranking no solo ayuda a identificar las vulnerabilidades más críticas, sino que también guía a empresas en sus inversiones y políticas para prevenir estas fallas desde su origen. La clasificación de este año se elaboró analizando 31.770 registros CVE, con un enfoque particular en las fallas incluidas en el catálogo de Vulnerabilidades Explotadas Conocidas (Known Exploited Vulnerabilities, KEV) de Cybersecurity and Infrastructure Security Agency. ENLACE: https://lnkd.in/dxPxmfmX

Cybersecurity and Infrastructure Security Agency—in collaboration with the MITRE-operated Homeland Security Systems Engineering and Development Institute (#HSSEDI)—has released the 2024 CVE | CWE Top 25 Most Dangerous Software Weaknesses. Organizations are strongly encouraged to review this list and use it to inform their software security strategies to help prevent vulnerabilities at the core of the software lifecycle. #Cybersecurity #CISA #CWE http://spklr.io/6040xkr4

#CWE Version 4.16 is now available! This latest release includes 1 new view to support the release of the “2024 CWE Top 25 Most Dangerous Software Weaknesses,” 1 new #AI related to prompt injection + continued CWE content usability improvements  https://lnkd.in/e6TkgyCa

“CNA Enrichment Recognition” — 224 CNAs on the list for November 18, 2024    Published every 2 weeks, this list recognizes those CVE Numbering Authorities (#CNAs) actively providing #CVSS and #CWE vulnerability data in their #CVE Records    https://lnkd.in/eYEJN3Vh

Omnissa is now a CVE Numbering Authority (CNA) assigning CVE IDs for all Omnissa products and services, including Workspace ONE and Horizon    https://lnkd.in/eNKXMYbi    #CVE #CNA #Vulnerability #VulnerabilityManagement #Cybersecurity

Minutes from the CVE Board teleconference meeting on October 30 are now available    https://lnkd.in/eMt8gkt2    #CVE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA #Infosec #Cybersecurity

Beckman Coulter Diagnostics is now a CVE Numbering Authority (CNA) assigning CVE IDs for Beckman Coulter Diagnostics manufactured products and technologies only      https://lnkd.in/eC8n7gCF      #CVE #CNA #Vulnerability #VulnerabilityManagement #Healthcare #Cybersecurity