In our earlier blog, US Electric Grid is “becoming more vulnerable to cyberattacks” says US GAO, we talked about the US GAO assessment report [GAO-19-332] pertaining to Critical Infrastructure Protection at Electric Grids. In this blog, we will do a deep dive to better understand specifics from the report. For a high level overview of the […]

In an earlier blog article titled “Energy Sector at risk of Cyber Attacks”, we described an attack at a Western Utility company and how the attack leveraged a known software vulnerability for which a patch was available but not applied. The energy sector needs to pull up its socks as is evident from recent NIST […]

In an earlier blog in May 2019 titled “Energy sector at risk of cyber attacks!”, we talked about how the energy sector is at the cusp of cyber attacks across the globe. This is a shared sentiment, as is evident from the recent special publication 1800-23 from NIST (link to complete publication for those interested) […]

Twigs is an essential tool for DevOps security to ensure that your open source dependencies are evaluated and tracked for vulnerabilities. As described in the earlier blog article – Getting started with twigs, one of the discovery modes supported by twigs is the discovery of open source dependencies as assets using the ‘repo’ mode. In this […]

History is a great teacher and provides us with a wealth of learning. The learning from the past is relevant not merely for anecdotal reasons but also for the wisdom that we can gain from it. Dipping into this pool of history can help to comprehend the present, improve our response and avoid mistakes that […]

As described in the earlier blog article – Getting started with twigs, one of the discovery modes supported by twigs is host discovery. In the host discovery mode, twigs will collect required metadata from the host to perform no-scan vulnerability assessments. The host discovery mode supports local and remote discovery. Local refers to discovery of the […]

Introduction

The bedrock of asset discovery in ThreatWatch is ‘twigs’ (short for ThreatWatch Inventory Gathering Script). twigs is a Python-based open source utility script maintained by ThreatWatch. twigs aims to provide a simple extensible interface to all types of assets and asset management systems in order to discover the metadata required by ThreatWatch to […]

Earlier last month, NIST released a draft copy of a Cybersecurity White Paper titled “Mitigating the risk of Software Vulnerabilities by adopting a Secure Software Development Framework [SSDF]” for comments. The paper highlights how few software development lifecycle [SDLC] models explicitly address software security in detail, and it recommends a core set of high-level secure software […]

What are reserved CVEs? Reserved CVEs are NVD records for confirmed vulnerabilities with little to no information. In most cases there is no information available. ThreatWatch’s prediction model, “Coeus”, goes through all the related information about these CVEs, such as attack vector type, social chatter and vendor advisories, and arrives at a CVSS vector and […]

The number of vulnerabilities being reported has been growing over the years. The chart below helps depict how the count of vulnerabilities has grown significantly (though not yet exponentially) over recent years. Note that it is apparent from the chart how ThreatWatch provides better overall vulnerability intel coverage, apart from standard sources like NVD. […]