Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Nucleus

Applied Lessons from Product Security Teams in Vulnerability Management | Nucleus Security

Product security and vulnerability management have become critical components of an organization's overall cybersecurity strategy. However, these two teams often face challenges in working together effectively, leading to misalignment and potential security gaps. Patrick Garrity hosted a roundtable discussion with industry experts Matthew Clapham and Scott Kuffer to share applied lessons from product security teams and vulnerability management.

The Rise In Vulnerability Disclosure, Exploitation and Threat Intelligence

Patrick Garrity, Security Researcher at Nucleus Security, discusses the rise of vulnerabilities exploitation and threat intelligence in the field of vulnerability management. He highlights the history of vulnerability management, the increase in vulnerabilities and exploitation, the limitations of the common vulnerability scoring system (CVSS), and the emergence of vulnerability threat intelligence. Patrick also emphasizes the importance of open-source intelligence, such as CISA's Known Exploited Vulnerabilities (KEV) List and the Exploit Prediction Scoring System (EPSS), as well as the value of commercial threat intelligence.

Nucleus Product Update 3.9

Welcome to the Nucleus Product Update 3.9. As we approach Thanksgiving, we’d like to start by expressing our appreciation for you and the rest of the Nucleus family. Thank you for being a part of our community and contributing to our collective growth and success. We have so much to be thankful for this year, especially YOU! We hope you have a wonderful holiday celebrating all there is to be grateful for and enjoying a great meal with the people you love most.

How CISO's Should Approach Security Vulnerability Risk

Patrick Garrity, Security Researcher at Nucleus Security, interviews Aleksandr Yompolski, CEO of Security Scorecard, about the evolving cybersecurity landscape and the role of security ratings and risk assessments. They discuss the challenges organizations face in defending against exploitation attacks, the need for collaboration and communication in the industry, and the importance of balancing security and business agility.

NYDFS Regulatory Changes: Vulnerability Management and Risk Assessment

The financial sector is constantly adapting to emerging threats and regulatory changes. The New York Department of Financial Services (NYDFS) is at the forefront of cybersecurity regulation, ensuring that covered entities within the state maintain robust cybersecurity programs. In this blog post, we’ll dive into the recent changes to NYDFS regulations, specifically focusing on vulnerability management and an updated definition of risk assessment.

Navigating the Challenges of Enterprise Vulnerability Management

When you’re managing cybersecurity at the enterprise level, it’s crucial to have a full breadth of understanding of the ins-and-outs of your enterprise vulnerability management program — including all of the challenges that come along with it. Only then can you begin to effectively prioritize risks and get ahead of vulnerabilities as quickly as possible. In this webinar, join our panelists of cybersecurity experts as they discuss.

CISA KEV's Known Ransomware Attribution

This past week, Patrick Garrity, Security Researcher at Nucleus, spent a lot of time exploring Cybersecurity and Infrastructure Security Agency's update the Known Exploited Vulnerabilities catalog, which now includes attribution to vulnerabilities associated with ransomware campaigns. In this short video, he explores this new addition and walks through the data visualizations he created to provide broader visibility into this new addition.

Release Spotlight: Trends Page Upgrade and Bulk Data Export Functionality

In vulnerability management (VM), the task of sifting through vast amounts of data to pinpoint critical insights can feel like searching for a needle in a haystack, specifically a haystack with many precious needles that all look alike. And, of course, the one needle you’re looking for is mission-critical and can mean the difference between securing your business and leaving it open to attack.

CISA KEV Ransomware Interactive Visualization

When we first built the CISA KEV enrichment dashboard at Nucleus, our goal was to gain new insights into the vulnerabilities that had been confirmed by CISA as being exploited. Recently, CISA expanded the Known Exploited Vulnerabilities Catalog with vulnerabilities “known to be used in ransomware campaigns”. We find this data valuable in helping organizations identify which vulnerabilities on the KEV pose greater risk.

A Look at CISA's Top Routinely Exploited Vulnerabilities

Knowing what vulnerabilities interest malicious actors is a critical step in assessing the risk of vulnerabilities found in your environment. On August 3rd, CISA released their Top Routinely Exploited Vulnerabilities report for the year 2022 and inside comes little surprise as to most of the culprits. Bugs tied to ransomware incidents continue to dominate the eyes of the agencies behind these joint advisories in hopes that the number of complete owns will diminish.