
URL: https://therecord.media/nist-vulnerability-backlog-cleared-cisa
Jonathan Greig
November 13th, 2024

NIST SAYS EXPLOITED VULNERABILITY BACKLOG CLEARED BUT END-OF-YEAR GOAL FOR FULL
LIST UNLIKELY

The federal body in charge of processing prominent vulnerabilities said a
backlog of unanalyzed exploited bugs has been cleared.

The National Institute of Standards and Technology (NIST) has faced backlash
since it became clear earlier this year that thousands of critical
vulnerabilities had gone unanalyzed and unenriched since the agency announced
cutbacks in February. Enrichment involves adding contextual data to an entry
about a vulnerability in the National Vulnerability Database (NVD).

With help from the Cybersecurity and Infrastructure Security Agency (CISA) and
several private sector companies, NIST said on Wednesday that they now “have a
full team of analysts on board” and are “addressing all incoming CVEs as they
are uploaded into our system.”

“In addition, we have addressed all Known Exploited Vulnerabilities (KEVs) that
were in the backlog, and we are processing all new KEVs as they come in,” they
said.

As of September 21, researchers at VulnCheck said 72.4% of all CVEs — more than
18,000 — in the database had yet to be fully analyzed and 46.7% of all exploited
vulnerabilities remained unanalyzed.

Despite the substantial progress, NIST said its previous goal of clearing the
entire backlog of both exploited and unexploited bugs by the end of the year
will not be met. 

CISA became the first Authorized Data Provider (ADP) earlier this year, allowing
the agency to contribute information to vulnerability records on behalf of
NIST. 

“However, our initial estimate of when we would clear the backlog was
optimistic,” NIST said. “This is due to the fact that the data on backlogged
CVEs that we are receiving from Authorized Data Providers (ADPs) are in a format
that we are not currently able to efficiently import and enhance.

“To address this issue, we are developing new systems that will allow us to
process incoming ADP data more efficiently.”

NIST did not respond to requests for comment about whether CISA is the only ADP.
CISA is currently the only one listed on the CVE website.

Dozens of cybersecurity experts previously signed a letter in April addressed to
Congress and Secretary of Commerce Gina Raimondo imploring them to fund and
protect the NVD, calling it “critical infrastructure for a large variety of
cybersecurity products.” 

Each listing in the database has information added about a vulnerability’s
severity, the products it affects and more. Earlier this year, researchers found
that of the 12,720 new vulnerabilities added since February, 11,885 were not
“analyzed or enriched with critical data that help security professionals
determine what software has been affected by a vulnerability.”

Rob Joyce, the recently retired cybersecurity director for the National Security
Agency, said in May that the backlog “is a significant risk” and means the
cybersecurity industry now lacks understanding of the evolving attack surface. 



Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has
worked across the globe as a journalist since 2014. Before moving back to New
York City, he worked for news outlets in South Africa, Jordan and Cambodia. He
previously covered cybersecurity at ZDNet and TechRepublic.

