I’m excited to announce new updates & enhancements regarding the vFeed Vulnerability Intelligence Service.
The 2 major additions in this release are support for 5000+ exploits (mainly from GitHub) and alignment with ATT&CK v7.2.
We will continue focusing on adding and enhancing the quality of data to bring our customers the best vulnerability intelligence feed.
5000+ exploits added to enhance exploitation capabilities
We have added support for 5000+ missed / scattered exploits from different individuals (bug bounties, pentesters …) on GitHub. Now, whenever an exploit is released directly on GitHub, it will be captured and reflected in our vulnerability indicators. As a result, it will augment the richness of “exploitation” data.
See the example below of CVE-2020-1472 (Netlogon vulnerability), tagged with 36 exploits from GitHub.
vFeed Indicators Aligned with ATT&CK v.7.2
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target.
ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and for verifying that defenses work as expected.
With this major version 7.2, vFeed now supports the newest additions, such as sub-techniques and the latest structure. 30% more CVEs are now tagged with ATT&CK IDs.
See the example below of CVE-2017-0199, tagged with different ATT&CK identifiers.
CWE Version 4.2 Supported
CWE 4.2 adds 2 new views: one to support the release of the 2020 CWE Top 25 (see below) and the other for the CISQ (Consortium for Information & Software Quality). 15 new hardware weaknesses were added as well. Overall, 259 changes to relationships were made.
All of these changes have been reflected in the vFeed Vulnerability Intelligence Indicators.
Support for CAPEC Version 3.3
CAPEC v3.3 adds 7 new attack patterns and 152 CAPEC-to-CWE mappings. Overall, 245 patterns and 4 categories were added with this latest release.
Here is an example of CVE-2020-6995 tagged with CAPEC-565 (Password Spraying).
Supporting 2020 CWE Top 25 Most Dangerous Software Weaknesses
The 2020 CWE Top 25 Most Dangerous Software Weaknesses is a demonstrative list of the most common and impactful issues experienced over the previous two calendar years. These weaknesses are dangerous because they are often easy to find and exploit, and can allow adversaries to completely take over a system or prevent an application from working.
vFeed Vulnerability Intelligence now supports this newest list, and we will tag any vulnerability that matches the known conditions.
Here is an example of CVE-2020-1472 tagged with both the 2020 and 2019 CWE Top 25.
Enhanced YARA With Titles & Categories and New Datasources
YARA is the name of a tool primarily used in malware research and detection. It provides a rule-based approach to create descriptions of malware families based on textual or binary patterns.
To improve our YARA data, we have enhanced our mappers to capture rule names, categories and links to files. Other data sources were added as well to extend the total number of rules.
Here is an example of CVE-2020-1472 with captured YARA rules.
Enhanced Support for PacketStorm
PacketStormSecurity is a popular information security website offering current and historical tools, exploits and security advisories. To improve our current collection, we have enhanced our mappers to capture exploit names and links to files.
Here is an example of CVE-2020-3153 with captured PacketStorm exploits.