Aggregator
Post-Quantum Cryptography Is Here: What Are You Waiting For?
US Authorities Warn Health Sector of Everest Gang Threats
U.S. authorities are warning healthcare sector entities of incidents involving Everest, a Russian-speaking ransomware group and initial access broker, which claims to have stolen sensitive patient information in recent attacks, including on two medical care providers in New York and Nevada.
Global Cyber Agencies Unveil New Logging Standards
The Australian Signals Directorate's Australian Cyber Security Center released joint guidance with a cohort of international cyber agencies that aims to provide baseline standards for event logging and threat detection, amid a wave of high-profile attacks employing "living off the land" techniques.
North Korean Hackers Pivot Away From Public Cloud
A North Korean hacking team hastily pivoted from using publicly available cloud computing storage to its own infrastructure after security researchers unmasked a malware campaign. The group shifted from using cloud services including Google Drive, OneDrive, and Dropbox to systems under its control.
ISMG Editors: Social Engineering, Election Defense in AI Era
AI's influence on social engineering and election security has become a focal point at Black Hat. ISMG editors discuss how advanced technologies are making it easier to manipulate people and compromise security systems and offer key insights on machine learning vulnerabilities.
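2024hvv | Vulnerability Threat Intelligence for 31 .NET Systems (Updated 08.23)
.NET: A Tool That Supports Collecting Data From 6 Browsers
.NET Security Primer: Antivirus Evasion for Namespaces/Classes/Identifiers
Pai Morning Report: Windows 11 Recall to Begin Public Testing in October; Oray Launches Its Self-Developed Operating System OrayOS
Xinchuang and Cryptography Assessment Scenarios: Using Unified Identity to Rein In the "Weak Password" Problem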
Tech Enthusiast Weekly (Issue 314): Can "Black Myth: Wukong" Be Industrialized?
Ransomware Running Wild in the Cloud
How we improved vulnerability prioritization with machine learning
It’s easy to find vulnerabilities. It’s harder to prioritize and fix them.
So far in 2024, there has been an average of over 110 CVEs disclosed per day. Compounded with all the vulnerabilities disclosed in the last two decades, security teams are faced with triaging thousands and thousands of vulnerabilities and deciding which ones need to be fixed first.
Vulnerability prioritization remains a critical challenge for security teams—but machine learning offers solutions to lessen the burden of analysis.
The right vulnerability prioritization strategy to employ depends on the nature of your business, your tech architecture, and more. Given all the different prioritization criteria we hear from customers, we set out to build Dazz Priority Scores, which we announced earlier this year.
Dazz Priority Scores uses context such as issue exploitability, exposure, severity, business impact, and root causes to help customers quickly identify the most critical issues to fix out of potentially thousands discovered by their detection tools. By using Dazz Priority Scores, customers reduce the backlog of vulnerabilities that need to be further analyzed by an order of magnitude.
The magic behind Dazz Priority Scores
The Dazz Unified Remediation Platform uses machine learning to continually assess a customer’s risk landscape. To calculate a Priority Score, the Dazz platform considers the following factors:
- Business context: taking into account which applications, data, and infrastructure resources are impacted by specific vulnerabilities
- Risk context: assessing the vulnerability severity, exploitability, and threat intelligence available for any vulnerability
- Environment context: understanding where the vulnerability originates, what’s impacted downstream, and what remediation and mitigation steps are available
Given these factors, Dazz calculates “sub scores” which can be bucketed into:
- Risk scores
- Asset scores
- Remediation scores
Let’s take a look at each.
Risk scores
Risk scores assess all factors of a given vulnerability. To start, Dazz considers the severity from the source detection tool of a vulnerability. If a vulnerability has been seen by multiple sources, customers can apply their own logic to normalize a severity rating.
On top of severity, Dazz considers exploitability data from CISA KEV, EPSS, and other threat intelligence sources. Finally, Dazz takes into account customer-defined SLAs. If a vulnerability has breached its SLA date set by the customer, the risk weighting will be greater.
Asset scores
Asset scores take into account the business context of applications, data, and infrastructure resources associated with any vulnerability. By ingesting data from CMDBs, directories, and other platforms, Dazz automatically correlates vulnerabilities with business context. Dazz Business Units allows customers to enrich the correlation of vulnerabilities and auto-assign certain owners depending on the resources impacted by any vulnerability.
Dazz can also glean other characteristics about vulnerabilities to weight them as a greater risk, like whether they impact internet-facing resources or applications through reachable code.
Remediation score → effort to fix
The final element of Dazz Priority Scores considers remediation actions. This is often one of the most sought-after elements that customers haven’t been able to attain before using Dazz. By determining the root cause of vulnerabilities, Dazz understands the relative effort required to fix them. Dazz can also outline the best remediation and mitigation options available, highlighting which will be most effective given the environmental context of the vulnerability.
Furthermore, Dazz can understand when multiple vulnerabilities stem from the same root cause. The concept here is that vulnerabilities that share a root cause may be weighted higher since the risk reduced upon remediation is far greater than a single vulnerability in isolation.
Putting it all together
Dazz Priority Scores = weighted asset risk score + weighted risk score + weighted remediation score.
Scores are calculated on a scale of 0-100 for each finding, with 100 being the highest score. Customers can understand which factors contributed to any score, and customize weights according to what makes the most sense to their business.
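A minimal sketch of the weighted-sum scoring described above, added here as an illustration; it is not Dazz's model or code. The severity mapping, sub-score formulas, weights, field names and sample findings are all assumptions constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date

SEVERITY = {"low": 25, "medium": 50, "high": 75, "critical": 100}  # assumed mapping
WEIGHTS = {"risk": 0.5, "asset": 0.3, "remediation": 0.2}          # assumed, customer-tunable

@dataclass
class Finding:
    id: str
    severities: list         # one rating per detection tool that reported it
    in_kev: bool             # listed in CISA KEV
    epss: float              # EPSS probability, 0..1
    sla_due: date
    internet_facing: bool
    business_critical: bool
    root_cause: str          # artifact whose fix closes the finding

def risk_score(f, today):
    sev = max(SEVERITY[s] for s in f.severities)     # normalise sources: worst rating wins
    exploit = 100.0 if f.in_kev else 100.0 * f.epss
    score = 0.5 * sev + 0.5 * exploit
    return min(100.0, score * 1.25) if today > f.sla_due else score  # SLA breach weighs more

def asset_score(f):
    return 50.0 * f.internet_facing + 50.0 * f.business_critical

def remediation_score(f, root_counts):
    return min(100.0, 25.0 * root_counts[f.root_cause])  # one fix closing many findings scores higher

def prioritize(findings, today, weights=WEIGHTS):
    """Return (total, id, sub-scores) tuples, highest priority first."""
    root_counts = Counter(f.root_cause for f in findings)
    ranked = []
    for f in findings:
        parts = {"risk": risk_score(f, today), "asset": asset_score(f),
                 "remediation": remediation_score(f, root_counts)}
        total = sum(weights[k] * v for k, v in parts.items())
        ranked.append((round(total, 1), f.id, parts))
    return sorted(ranked, key=lambda r: r[0], reverse=True)

# Constructed sample findings, not real scan output.
SAMPLE = [
    Finding("batch-xml-lib", ["critical"], False, 0.10, date(2024, 12, 1), False, False, "pom:batch"),
    Finding("web-zlib", ["medium"], False, 0.02, date(2024, 12, 1), True, True, "image:web-base"),
    Finding("web-openssl", ["high", "critical"], True, 0.90, date(2024, 8, 1), True, True, "image:web-base"),
]

if __name__ == "__main__":
    for total, fid, parts in prioritize(SAMPLE, date(2024, 8, 23)):
        print(f"{total:5.1f}  {fid:14s} {parts}")
```

With these assumed weights, the medium-severity finding on an internet-facing, business-critical asset outranks the isolated critical one, and the returned sub-scores show which factor drove each total.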
Since machine learning underpins the model, Dazz Priority Scores get better and better as they are applied to billions of vulnerabilities across our customer base.
If you’d like to learn more about Dazz Priority Scores and try it for yourself, contact us today.
The post How we improved vulnerability prioritization with machine learning appeared first on Security Boulevard.