SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Flashpoint says vulnerability disclosure ‘highly volatile’
Fri, 29th Jul 2022

Flashpoint has released The State of Vulnerability Intelligence: 2022 Midyear Edition, finding that the current state of the vulnerability disclosure landscape is ‘highly volatile’.

The company says that this has meant standard days are potentially introducing volumes generally only seen on Patch Tuesdays and other similar events.

The report has been released at a time when there is increasing pressure on security teams to remediate tens of thousands of vulnerabilities every year with limited resources.

It contains valuable insights to help organisations develop a robust understanding of the areas that need work.

Flashpoint notes that with new problems being discovered daily, businesses are having difficulty making workloads manageable, and as a result, vulnerabilities are not being reported correctly.

Of the 11,860 vulnerabilities collected throughout the first six months of 2022, Flashpoint saw that 27.3% went unreported.

Further, publicly available data is uncontextualised, often missing valuable metadata, which Flashpoint says can result in security teams not having an accurate picture of their priorities or remediation process.

In fact, Vulnerability Management Programs using CVSSv2 scores as a basis for prioritisation may be misguided, as Flashpoint has found that 52% of all 10.0 vulnerabilities reported in the first half of 2022 are likely scored incorrectly.

The report also shows a discrepancy of 85% when it comes to ‘discovered-in-the-wild’ vulnerabilities reported in the first half of 2022, compared to resources such as Google's Project Zero.

Flashpoint says this shows that exploitation more often occurs outside of Advanced Persistent Threat (APT) attacks.

The release of The State of Vulnerability Intelligence: 2022 Midyear Edition comes after Flashpoint unveiled its K-12 risk management and security offering to provide school boards and education security practitioners with tools to recognise, prevent and manage cyber and physical threats.

The threat, vulnerability and risk intelligence company notes that threat actors are increasingly targeting schools with ransomware and DDoS attacks, causing school systems to become the victims of data breaches and email compromise schemes.

This results in devastating impacts on K-12 operations across the US, along with teachers, students, parents and vendors.

“Schools increasingly are facing a confluence of cyber and physical threats that have to be addressed holistically,” Flashpoint global public sector sales vice president Steve Cooperman says.

“Flashpoint is the only joint threat intelligence solution that can quickly help schools better protect their students and personnel in both the cyber and physical realms, reducing risk everywhere.

“Our K-12 risk management and security solutions are specifically designed to address the unique threats facing school boards nationwide, which cost taxpayers millions of dollars and far too often put the livelihoods of students, parents, and school personnel at risk.”

To combat this, Flashpoint is partnering with leading school systems in the US to provide its new K-12 offerings.

These include:

  • Ransomware readiness and response
  • Brand exposure protection and domain monitoring
  • Preventing account takeover (ATO)
  • Coordination with law enforcement
  • Threat actor monitoring and intelligence
  • Vulnerability intelligence and prioritisation