
Vulnerability exploits were up in 2024 (and so was information sharing)

Keeping up with all the exposures requires some scrambling, said VulnCheck’s Patrick Garrity.


Time for a bigger bucket—or at least a few hundred small buckets—to catch last year’s security flaws that slipped through the cracks.

Recent data from exploit-intel company VulnCheck revealed a lot more publicly reported vulnerabilities (and attacks on those vulnerabilities) than a year ago—a 20% annual increase, according to the firm, thanks to a greater number of available cyber-sharers out there.

“The sources are evolving and changing,” VulnCheck Security Researcher Patrick Garrity told IT Brew. He sees increased information sharing as a positive development, but one that tech pros have to scramble to digest.

“There’s a lot more organizations involved in information sharing and getting vulnerability exploitation disclosure out quicker, faster,” he said.

VulnCheck, in its Feb. 3 report, claimed that 768 common vulnerabilities and exposures (CVEs) were publicly reported in 2024 as exploited—a significant annual uptick, thanks to additional reporting sources from the 2024 RSA conference, alerts from nonprofit Shadowserver, and disclosures from WordPress scanner Wordfence, Garrity said.

KEV’in! One major source of threat intel for IT pros has been the Known Exploited Vulnerabilities (KEV) catalog, established by CISA and considered by the agency to be “the authoritative source of vulnerabilities that have been exploited in the wild.”

VulnCheck’s reports show a majority of reported monthly vulnerabilities were not in the KEV. Garrity sees the KEV as a “good effort” but one “limited in scope.”

He pointed to additional sources reporting exploitation evidence, especially vendor advisories.

Queries from SOCRadar Cyber Intelligence found that the National Vulnerability Database (NVD) recorded 40,000 CVEs—almost a 39% increase from 2023’s 28,817 exposures, and thankfully far more than VulnCheck’s count of 768.

Practitioners’ Digest. Perusing 40,000 of anything, let alone the one thing that could lead to an exploit, is a challenging task for an IT pro.

Andy Richter, practice director for enterprise networking at IT services provider Presidio, rolls up alerts from CISA KEV into daily digests for his fellow practitioners, placing “high vulnerabilities” at the top. With RSS feeds, he pipes the data directly into chat rooms to notify engineers in real time.

The CISA KEV database provides Richter a “vendor-agnostic” starting point for the important vulnerabilities to know. That isn’t to say it’s his only source of information, however; he also keeps up with vendor advisories and field notices, especially those of Presidio partners, he said, and thinks carefully about the right combination of public and private alerts.

“The best blend comes from the most high-quality perspectives, and there’s valuable perspectives from the vendors that I appreciate and prioritize,” he said.

Garrity said patch management today means using anything and everything available, whether it’s documentation from a government agency, vendor advisory, or nonprofit.

“The security community really coming together in more organizations, disclosing exploitation, sharing intelligence, is incredibly valuable,” he said.

Practitioners will use the information how they wish, Richter added.

“I think information to inform our decision-making is always better against the bad guys. We need more intelligence in the hands of private actors.”
