Probably Don’t Rely on EPSS Yet
This post evaluates the pros and cons of the Exploit Prediction Scoring System (EPSS), a data-driven model designed to estimate the probability that software vulnerabilities will be exploited in practice.
Read MoreTag: Security Vulnerabilities
UEFI – Terra Firma for Attackers
This blog post focuses on how the vulnerabilities in firmware popularized by the Uniform Extensible Firmware Interface create a lucrative target for high-profile attackers.
Read MoreVultron: A Protocol for Coordinated Vulnerability Disclosure
This post introduces Vultron, a protocol for multi-party coordinated vulnerability disclosure (MPCVD).
Read MoreUEFI: 5 Recommendations for Securing and Restoring Trust
This blog post expands on concerns brought to light from recent UEFI attacks, such as BlackLotus, and highlights 5 recommendations to secure and restore trust in the UEFI ecosystem.
Read MoreWordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover
Severe CSRF to XSS bugs open the door to code execution and complete website compromise.
Read MoreMicrosoft Addresses 111 Bugs for May Patch Tuesday
Important-rated EoP flaws make up the bulk of the CVEs; SharePoint continues its critical run with four worrying bugs.
Read MoreThe Windows 7 Postmortem: What’s at Stake
Nearly a quarter of endpoints still run Windows 7, even though support and security patches have ended.
Read More70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs
A lack of awareness about where and how open-source libraries are being used is problematic, researchers say.
Read MoreSalt Bugs Allow Full RCE as Root on Cloud Servers
Researchers say the bugs are easy to exploit and will likely be weaponized within a day.
Read More