#Cybersecurity--RSA Conference 2024 — Forescout Technologies Inc., a global cybersecurity leader, today unveiled new research, Exposing the Exploited, an analysis uncovering a host of exploited vuln...
Forescout researchers find 90,000 unknown vulnerabilities and other risk blind spots in standard vulnerability guidance
SAN FRANCISCO: #Cybersecurity--RSA Conference 2024 — Forescout Technologies Inc., a global cybersecurity leader, today unveiled new research, Exposing the Exploited, an analysis uncovering a host of exploited vulnerabilities not captured by the CISA KEV catalog, the most popular source of information on vulnerabilities known to be actively exploited by threat actors. Exposing the Exploited details how an over-reliance on legacy information databases and standard guidance drastically underrepresents the global threat landscape. The study was conducted by Forescout Research – Vedere Labs, a leading global team dedicated to uncovering vulnerabilities in and threats to critical infrastructure.
“Vulnerabilities are being found, weaponized, and exploited in the wild faster than ever before, with 97 0-days exploited in 2023 and already 27 this year,” said Elisa Costante, VP of Research, Forescout Research – Vedere Labs. “Current methodologies for cataloging issues such as MITRE’s Common Vulnerabilities and Exposures (CVE) system and NIST’s National Vulnerability Database (NVD) are critical tools but have significant limitations. This research shows that even FIRST’s Common Vulnerability Scoring System (CVSS), the Exploit Prediction Scoring System (EPSS) and CISA's Known Exploited Vulnerabilities (KEV) should not be used exclusively.”
Read the blog: Exposing the Exploited: Analyzing vulnerabilities that live in the wild
Forescout researchers found a significant increase in unrecognized exploited vulnerabilities in the wild with no CVE identifiers and CVSS scores. The top findings include:
The rapid increase in vulnerabilities being discovered and exploited by malicious actors underscores the need for a new approach to prioritization. While the CISA KEV list is a valuable resource and the most recognized catalog for exploited vulnerabilities, it does have certain limitations. Our analysis reveals that the CISA KEV catalog is not exhaustive — we have observed exploited vulnerabilities in the wild that are absent from this catalog. Additionally, crucial details on how these vulnerabilities are exploited, such as modus operandi, tactics, techniques, and procedures (TTPs), and associated indicators of compromise (IoCs), are often missing. Therefore, organizations should rely on multiple sources to enhance their preparedness.
Forescout released Exposing the Exploited from RSA Conference 2024 where its researchers can discuss these findings in the North Hall 5353, May 6-9.
How Forescout Research Works
Forescout Research employs its Adversary Engagement Environment (AEE) to conduct analysis, leveraging a blend of real and simulated connected devices. This dynamic environment functions as a robust tool, enabling the pinpointing of incidents and the identification of intricate threat actor patterns at a granular level. The overarching objective is to elevate responses to complex critical infrastructure attacks by leveraging the detailed insights and understanding derived from this specialized deception environment. The AEE is maintained by Vedere Labs, a leading global team dedicated to uncovering vulnerabilities in and threats to critical infrastructure. Forescout products directly leverage this research, which is also shared openly with vendors, agencies, and other researchers.
About Forescout
The Forescout cybersecurity platform provides complete asset intelligence and control across IT, OT, and IoT environments. For more than 20 years, Fortune 100 organizations, government agencies, and large enterprises have trusted Forescout as their foundation to manage cyber risk, ensure compliance, and mitigate threats. With seamless context sharing and workflow orchestration across more than 100 full-featured security and IT product integrations, Forescout makes every cybersecurity investment more effective.
Forescout Research – Vedere Labs is the industry leader in device intelligence, curating unique and proprietary threat intelligence that powers Forescout’s platform.
Fonte: Business Wire
Alaa Abdul Nabi, Vice President, Sales International at RSA presents the innovations the vendor brings to Cybertech as part of a passwordless vision for…
G11 Media's SecurityOpenLab magazine rewards excellence in cybersecurity: the best vendors based on user votes
Always keeping an European perspective, Austria has developed a thriving AI ecosystem that now can attract talents and companies from other countries
Successfully completing a Proof of Concept implementation in Athens, the two Italian companies prove that QKD can be easily implemented also in pre-existing…
Roblox Corporation (NYSE: RBLX) today announced that it will report the company’s second quarter 2025 financial results before the opening of the U.S.…
#AI--NiCE (Nasdaq: NICE) today announced the winners of its 2025 International CX Excellence Awards, honoring organizations from across EMEA and APAC…
#AI--LambdaTest, a unified agentic AI and cloud engineering platform, has announced it has become a strategic sponsor of Appium, the world’s most widely…
ReSource Pro today announced it has acquired Propellint, a technology services firm specializing in implementation and support for insurance platforms…