Hello Fellow Customers & Friends,
We’re back with some great news.
First, we continue to expand support for the Vulnerability Common Patch Format feature introduced earlier this year. We have enlarged the scope of “vulnerable packages” to include the “Apache” dataset.
The roadmap of vulnerability indicators has also grown with several new mappings requested by our customers. They will be implemented over the course of the following months.
We have also enhanced the vulnerability indicators concerning the “VAT scanning” part. At the request of some of our customers, we have introduced support for Nuclei Vulnerability Scanner signatures.
vFeed Vulnerability Intelligence is especially appreciated for its perfect integration with Open Standards. Thus, the 3 main standards, namely CWE, CAPEC and ATT&CK, have been updated to their latest versions. We therefore support the new 2021 CWE Top 25 list.
Finally, our team, in collaboration with Black Hat & Informa, will launch a new cyber-security conference dedicated to hacking tools in the Middle East. Say hello to the First Edition of @hack Arsenal KSA Chapter.
NJ OUCHN, vFeed, Inc. Founder
New Feature
Mapping Nuclei Vulnerability Scanner
Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols including TCP, DNS, HTTP, File, etc. With powerful and flexible templating, all kinds of security checks can be modelled with Nuclei.
Nuclei has a dedicated repository that houses various types of vulnerability templates contributed by more than 200 security researchers and engineers.
Nuclei vulnerability templates can be very handy when the usual VATs do not provide a signature. See, for example, CVE-2021-22122.
They can also expand the signature base of a CVE. CVE-2017-9805, for example, has multiple VAT signatures including Nessus, OpenVAS, SCAP OVAL Ubuntu & Nuclei Templates.
New Feature
Mapping Apache HTTP Server Patch
Apache is a powerful, flexible, HTTP/1.1 compliant web server that is highly configurable and extensible with third-party modules. Apache runs on over 120 million Internet servers (as of April 2010; source: Netcraft).
We have decided to take a final step by introducing a new feature: Common Patch Format. Although our company, for liability reasons, shall not be recognized as a “patch provider”, we have nevertheless done a lot of groundwork to review our roadmap and add this major feature.
As of today, the “Vulnerability Common Patch Format” supports 4 major datasets: Ubuntu, Red Hat, Debian and Apache.
As soon as the information is made public by the vendors, our correlation engines will align the vulnerabilities with the list of packages, products, affected and unaffected versions and their release date.
Enhancement
Alignment with MITRE ATT&CK v9.x
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target.
ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and for verifying that defenses work as expected.
With this major version 9.0, vFeed now supports the newest additions such as sub-techniques and the latest structure (14 Tactics, 185 Techniques, and 367 Sub-techniques).
All those changes have been reflected within vFeed Vulnerability Intelligence Indicators.
Enhancement
CWE updated to version 4.5
CWE Version 4.5 has been posted on the CWE List page to add support for the recently released “2021 CWE Top 25 Most Dangerous Software Weaknesses” list, among other updates.
CWE 4.5 includes the addition of 1 new view to support the release of the 2021 CWE Top 25, 3 new software weaknesses, and 1 new hardware weakness. In addition, there were many updates related to randomness. More about this latest update.
All those changes have been reflected within vFeed Vulnerability Intelligence Indicators.
Enhancement
CAPEC updated to version 3.5
CAPEC Version 3.5 has been posted on the CAPEC List page. A detailed report is available that lists specific changes between Version 3.4 and Version 3.5.
Version 3.5 includes:
- Adding fourteen new attack patterns:
  - Supply Chain Attack Patterns
    - CAPEC-669: Alteration of a Software Update
    - CAPEC-670: Software Development Tools Maliciously Altered
    - CAPEC-671: Requirements for ASIC Functionality Maliciously Altered
    - CAPEC-672: Malicious Code Implanted During Chip Programming
    - CAPEC-673: Developer Signing Maliciously Altered Software
    - CAPEC-674: Design for FPGA Maliciously Altered
    - CAPEC-675: Retrieve Data from Decommissioned Devices
  - Bluetooth Attack Patterns
    - CAPEC-666: BlueSmacking
    - CAPEC-667: Bluetooth Impersonation AttackS (BIAS)
    - CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)
  - Other Attack Patterns
    - CAPEC-662: Adversary in the Browser
    - CAPEC-663: Exploitation of Transient Instruction Execution
    - CAPEC-664: Server Side Request Forgery
    - CAPEC-665: Exploitation of Thunderbolt Protection Flaws
All those changes have been reflected within vFeed Vulnerability Intelligence Indicators.
Enhancement
Supporting 2021 Top 25 Most Dangerous Software Weaknesses
The 2021 CWE Top 25 Most Dangerous Software Weaknesses is a demonstrative list of the most common and impactful issues experienced over the previous two calendar years. These weaknesses are dangerous because they are often easy to find and exploit, and can allow adversaries to completely take over a system or prevent an application from working.
vFeed Vulnerability Intelligence now supports this newest list, and we will tag any vulnerability that matches the known condition.
Below, CVE-2020-1938 is tagged with the CWE Top 25 from 2019, 2020 and 2021.