Hello fellow customers & friends. We’re back with some great news!
We continue to evolve the Vulnerability Common Patch Format feature. This time, we have enlarged the scope of “vulnerable packages” to include the “IBM FLRT” dataset.
We have also augmented the bulletin indicators with support for Mozilla Security Advisories. A few other mappers have been modified & fixed (Talos, IBM bulletins, Debian patches) as the vendors’ data continues to evolve. A lot of work is being done behind the scenes to improve our data feed.
vFeed Vulnerability Intelligence Service is especially appreciated for its perfect integration with open standards. Thus, the 2 main standards, namely CWE and ATT&CK, have been updated to their latest versions. As a result, we support the new list of 2021 CWE Most Important Hardware Weaknesses.
Finally, our team, in collaboration with Black Hat & Informa, will be back in Singapore and Las Vegas for 2 more sessions of the infamous Black Hat Arsenal Edition 2022!
Mozilla Security Advisory
Mozilla is a free software community founded in 1998 by members of Netscape.
Mozilla’s products include the Firefox web browser, Thunderbird e-mail client (now through a subsidiary), Bugzilla bug tracking system, Gecko layout engine, Pocket “read-it-later-online” service, and others.
Mozilla has a dedicated security repository that houses 5000+ security advisories.
Here is a sample Mozilla bulletin as listed for CVE-2021-29951.
vFeed also lists bug IDs whenever they are available. Here is the case of CVE-2022-28288 with its Mozilla & bug IDs.
Mapping IBM FLRT / APAR Packages
IBM FLRT assists administrators in formulating a maintenance plan for IBM Systems. It uses various code and fix levels to provide recommendations on updates or incompatibilities on your system.
We have decided to take a final step by introducing a new feature: Common Patch Format. Although our company, for liability reasons, shall not be recognized as a “patch provider”, we have nevertheless done a lot of groundwork to review our roadmap and add this major feature.
As of today, the “Vulnerability Common Patch Format” supports 5 major datasets: Ubuntu, Red Hat, Debian, Apache & IBM FLRT.
As soon as the information is made public by IBM, our correlation engines will align the vulnerabilities with the list of packages, products, affected and unaffected versions and their release date.
See below the information regarding CVE-2022-22351 and the packages affected on IBM AIX. The status tag also displays a link to the fixed package.
Here is another screenshot from CVE-2017-3143 with the full list of vulnerable & fixed packages.
Alignment with MITRE ATT&CK v11.x
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target.
ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and for verifying that defenses work as expected.
With this major version 11.0, vFeed now supports the newest additions such as sub-techniques and the latest structure (14 Tactics, 191 Techniques, 386 Sub-techniques).
All those changes have been reflected within vFeed Vulnerability Intelligence Indicators.
CWE updated to version 4.7
CWE Version 4.7 has been posted on the CWE List page to add support for many ICS and hardware weakness views such as “Weaknesses in SEI ETF Categories of Security Vulnerabilities in ICS” and “CWE-1384: Improper Handling of Extreme Physical Environment Conditions”.
There are 926 weaknesses and a total of 1,386 entries in CWE version 4.7.
All those changes have been reflected within vFeed Vulnerability Intelligence Indicators.
Multiple datasources refactored
We have fixed and enhanced a few mappers to better handle datasets from different vendors such as Cisco Talos advisories, IBM Bulletins & Debian package patches.
In practice, vFeed Vulnerability Intelligence Service correlates plenty of information from different vendors, and the substantial challenge is to keep our vulnerability data coherent, relevant and consistent for our customers.