Showing episodes and shows of: CVE Program
Shows
.NET in pillole
316 - The most serious vulnerability ever discovered in ASP.NET Core [CVE-2025-55315]
In this episode I talk about CVE-2025-55315, the vulnerability that Microsoft rated with a severity score of 9.9 and that many consider the most critical ever discovered in ASP.NET Core. Together we will look at what HTTP Request Smuggling is, how this type of attack works and why it can compromise even perfectly written applications. We will see which .NET versions are vulnerable, how to check whether your server is at risk and which patches or mitigations you can apply right away. Even if you don't write "wrong" code, sometimes a misplaced HTTP header is enough to open the door wide to an attacker. https://www.cve...
2025-10-27
15 min
We Speak CVE
The CVE Consumer Working Group (CWG)
“We Speak CVE” podcast host Shannon Sabens chats with CVE Consumer Working Group (CWG) co-chairs, Jay Jacobs and Bob Lord, and CVE™ Project Lead Alec Summers, about how the CWG was created to address the needs and perspectives of those who use CVE data — ranging from enterprise security teams to tool developers and managed security service providers — recognizing that their requirements and pain points often differ from those of upstream data providers.Topics include the CWG’s goals to systematically capture and organize consumer feedback, identify common and unique challenges across different user types, and inform improvements in the CVE P...
2025-10-14
20 min
Daily Security Review
Broadcom Patches VMware Zero-Day: CVE-2025-41244 Exploited by China-Linked UNC5174
Broadcom has released a critical security update addressing six vulnerabilities across VMware products, including four rated high-severity. At the center of the update is CVE-2025-41244, a local privilege escalation flaw affecting VMware Tools and Aria Operations. What makes this vulnerability particularly alarming is that it was actively exploited in the wild as a zero-day since mid-October 2024, nearly a full year before its public disclosure.Security researchers at NVISO Labs attribute the exploitation to UNC5174, a China-linked threat actor with a track record of targeting enterprise systems. The flaw allows a malicious local user with non-admin access...
2025-10-02
25 min
CVE-podden
Violent Islamism in Africa
Global violent Islamism has shifted its focus from the Middle East to Africa. Since the fall of the IS caliphate in 2019 there has been a sharp rise in jihadist activity, mainly in the Sahel region and the Horn of Africa. In the latest episode of CVE-podden, Fredrik Meiton and Vendela Laukkanen talk about how this development affects Sweden, and about the legal proceedings of the past year that had a connection to IS in Somalia. What can be said about the perpetrators? And what do those of us working to prevent violent extremism in Sweden need to keep track of when it comes to...
2025-09-30
15 min
The Other Side Of The Firewall
Youth Hacks, CVE Upgrades & AI ATOs
In this episode, Ryan Williams Sr. and Shannon Tynes discuss various cybersecurity topics, including the alarming trend of children hacking their schools, the need for better cybersecurity education, and the modernization of the CVE program. They also explore the role of AI in streamlining cybersecurity processes and the importance of maintaining human oversight in the face of technological advancements. The conversation emphasizes the necessity of integrating cybersecurity awareness from a young age and the implications of AI on job security in the industry. Articles: Children hacking their own schools for 'fun', watchdog warns
2025-09-17
56 min
The Exploit Archives
Ep08 - The Triple Threat in NVIDIA Triton: CVE-2025-23334/23320/23319
CVE-2025-23334, CVE-2025-23320, CVE-2025-23319 - three vulnerabilities in NVIDIA's Triton Inference Server that chain together, getting more critical each time. In this episode of The Exploit Archives, we break down this "Triple Threat", how these flaws work, why they matter for AI security, and what lessons they hold for protecting machine learning infrastructure.
Support the show: The Exploit Archives
Youtube: The Exploit Archives - YouTube
Weekly Episodes!
Tags: CVE breakdown, cybersecurity, ai, nvidia, ai security, cryptography flaw, cybersecurity podcast, exploit analysis, ethical hacking
2025-08-21
08 min
IT SPARC Cast
Docker Hub CVE Wake-Up Call: Malware from 2024 Still Lurking in 2025 Images!
We’re kicking off Season 2 of IT SPARC Cast - CVE of the Week with a critical vulnerability warning that should make every DevOps and IT leader take notice. This episode dives into the shocking discovery that 35 Docker Hub images still contain malware linked to the 2024 XZ Utils supply chain attack—highlighting massive blind spots in container security.John and Lou explore how this outdated exploit has resurfaced in current Docker images, why current scanning tools failed to catch it, and what security measures enterprise IT teams must implement to stay protected. From Zero Trust practices to s...
2025-08-15
08 min
The Exploit Archives
Ep06 – CVE-2017-5753 & CVE-2017-5715: Spectre – The Invisible Threat Inside Your CPU
CVE-2017-5753 & CVE-2017-5715 – better known as Spectre – exposed a terrifying truth: your CPU could be exploited.This wasn’t a software flaw. It was a vulnerability baked into the hardware of nearly every modern processor. And it wasn’t just theoretical. Attackers could steal passwords, encryption keys, and sensitive data... without ever touching the system.In this episode of The Exploit Archives, we dive into how Spectre worked, the performance cost of fixing it, and how this invisible exploit changed the future of cybersecurity forever.Support the show: The Exploit Ar...
2025-08-07
12 min
We Speak CVE
Mapping the Root Causes of CVEs
“We Speak CVE” podcast host Shannon Sabens chats with CVE™/CWE™ Project Lead Alec Summers and CWE Top 25 task lead/CWE Root Causes Mapping Working Group lead Connor Mullaly about the importance of mapping CVE Records (vulnerabilities) to their technical root causes using Common Weakness Enumeration (CWE). Additional topics include the benefits of RCM for CVE Numbering Authorities (CNAs) and consumers of CVE data, Common Vulnerability Scoring System (CVSS) and other vulnerability metadata and their differences with CWE, the CWE Top 25 Most Dangerous Software Weaknesses list, and the tools and guidance available to improve the RCM process (e.g., exa...
2025-08-05
23 min
IT SPARC Cast
Emergency SharePoint RCE Warning – CVE-2025-53770 & CVE-2025-53771 Under Active Exploit
This week on IT SPARC Cast – CVE of the Week, John and Lou sound the alarm on two critical zero-day vulnerabilities impacting on-premise Microsoft SharePoint servers: CVE-2025-53770 and CVE-2025-53771. Exploited via a chained attack called “ToolShell,” these flaws enable unauthenticated remote code execution (RCE). Nation-state attackers, particularly Chinese APTs, are already exploiting these vulnerabilities, targeting government and infrastructure networks slow to patch. If you’re running SharePoint 2016, 2019, or Subscription Edition on-prem, your window for action is closing fast.We break down Microsoft’s emergency guidance—including patching beyond last Patch Tuesday, rotating cryptographic keys, enabling AMS...
2025-07-25
07 min
Daily Security Review
CVE-2025-54309: CrushFTP Zero-Day Exploited in Global Admin Access Attacks
A critical zero-day vulnerability in CrushFTP (CVE-2025-54309) is being actively exploited, giving attackers administrative access to over a thousand unpatched servers globally. This severe security flaw—caused by improper validation in the AS2 protocol—has exposed enterprise-managed file transfer (MFT) systems across the US, Europe, and Canada. Security experts are sounding the alarm, and organizations relying on CrushFTP are urged to patch immediately.Discovered in mid-July 2025, the bug has been traced to reverse-engineering of recent CrushFTP patches. The vulnerability grants unauthenticated attackers complete control via exposed web interfaces, making it a high-value exploit for data theft, surv...
2025-07-22
22 min
Daily Security Review
CVE-2025-20309: Critical Cisco Root Access Flaw Threatens VoIP Security
A devastating vulnerability—CVE-2025-20309—has been discovered in Cisco’s Unified Communications Manager (Unified CM) and its Session Management Edition (SME), threatening the security of over a thousand internet-exposed VoIP systems globally. In this episode, we break down this critical flaw, which scores a perfect CVSS 10.0, and explore why it's one of the most dangerous telecom vulnerabilities in recent memory.The vulnerability stems from unchangeable hardcoded SSH root credentials inadvertently left in production code during development. Exploitable without authentication, this flaw grants remote attackers full root access to affected systems—an open door to full system takeover...
2025-07-04
41 min
Daily Security Review
CISA Flags Citrix NetScaler Flaws: What CVE-2025-6543 Means for Federal and Private Networks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added multiple Citrix NetScaler vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog—an urgent signal for federal agencies and private enterprises alike. At the center of this update is CVE-2025-6543, a memory overflow flaw affecting NetScaler ADC and Gateway appliances, which could lead to Denial of Service attacks under specific configurations. This joins earlier additions from 2023, including CVE-2023-6548 and CVE-2023-6549, covering code injection and buffer overflow vulnerabilities.In this episode, we explore why NetScaler vulnerabilities are drawing heightened attention, how they are actively being ex...
2025-07-01
56 min
IT SPARC Cast
Two New Linux Privilege Escalation Flaws You Need to Patch (CVE-2025-6018 & CVE-2025-6019)
In this episode of IT SPARC Cast - CVE of The Week, John and Lou break down two critical Linux vulnerabilities—CVE-2025-6018 and CVE-2025-6019—that could allow local users to escalate privileges all the way to root. Discovered by the Qualys Threat Research Unit, these flaws affect major Linux distributions, including openSUSE and SUSE Enterprise Linux. Even though Ubuntu users may be safe if default PAM files haven’t been altered, the risks for production Linux environments are real—and patching is essential.We dive into how attackers could chain these flaws together to gain una...
2025-07-01
04 min
Daily Security Review
GerriScary: How CVE-2025-1568 Threatened Google’s Open-Source Supply Chain
CVE-2025-1568, dubbed "GerriScary", has shaken the open-source ecosystem by exposing a fundamental weakness in Google’s Gerrit code review system—one that could have enabled attackers to infiltrate 18 of Google’s most widely used open-source projects, including Chromium, ChromiumOS, Dart, and Bazel.This episode breaks down how the vulnerability was discovered by researchers at Tenable using a subtle but powerful HTTP status code fingerprinting technique. A simple 209 response exposed whether a user had the “addPatchSet” permission on a given project. That small indicator opened the door to a potentially massive software supply chain compromise, allowing malicious patchsets...
2025-06-19
35 min
Seemposium Podcast
Seemposium lowlevel_3 | CVE in chaos and LLMs that really reason?
In this new episode, Andrea and Gabriele analyse the most critical vulnerabilities of recent weeks, including the SAP case and Fortinet's disastrous handling of VPN support. In the background is the chaos in MITRE's CVE project, which risks throwing the entire vulnerability classification system into crisis. The discussion then widens to the future of cybersecurity with AI: can artificial intelligence really "reason"? The latest research from Anthropic suggests it can. But what are the risks, the biases and the dystopian drifts behind the adoption of these systems, even in the field of...
2025-05-09
1h 20
Tom Eston, Author at Security Boulevard
The Impact of Politics on Cybersecurity: CVE’s and the Chris Krebs Executive Order
What would happen if the US government halted funding for the CVE program? In this episode, we explore the controversies surrounding the funding of the CVE program, the role of CVEs in the cybersecurity industry, and the recent launch of the CVE Foundation. We also discuss the Trump Administration’s executive order that revoked the security […]
2025-04-28
00 min
Shared Security Podcast
The Impact of Politics on Cybersecurity: CVE’s and the Chris Krebs Executive Order
What would happen if the US government halted funding for the CVE program? In this episode, we explore the controversies surrounding the funding of the CVE program, the role of CVEs in the cybersecurity industry, and the recent launch of the CVE Foundation. We also discuss the Trump Administration’s executive order that revoked the security […]
2025-04-28
20 min
🔴 RadioCSIRT : L’Actu Cyber Qui Protège Votre Quotidien ! ⚡️
RadioCSIRT: The CVE Program confirmed and strengthened! - Special Episode 268
🔴 Breaking Cybersecurity News 🔴 The CVE Program, a global pillar of vulnerability management, was never under threat! 📌 On today's programme: 🔹 Official clarification from CISA: Matt Hartman, Acting Deputy Executive Director at CISA, reaffirms that the CVE program experienced no interruption. No funding problem, only a contractual matter settled in time. 📚 Source: https://www.cisa.gov/news-events/news/statement-matt-hartman-cve-program 🔹 Full support from the CVE Foundation: The CVE Foundation confirms its alignment with CISA and announces its intention to support a tra...
2025-04-24
06 min
OT After Hours
To CVE or Not to CVE?
In this episode, we explore how often OT teams really need to refresh asset-inventory data and what MITRE's near-miss funding lapse for the CVE program means for vulnerability management. Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests Natalie Kalinowski (OT Security Specialist), Lance Lamont (Team Lead, Special Projects & Protocols), Andrew Wintermeyer (Senior ICS Architect), and Tyler Bergman (Principal Security Consultant) as they discuss scan cadences, change-detection value, and building redundancy into threat-intel pipelines.
Key Takeaways: Context drives cadence. Fan speed may need minute-level polling, firmware often does not. Redundancy...
2025-04-23
46 min
Techzine Talks
How bad is it if the MITRE CVE database disappears?
Last week it came like a bolt from the blue. One day before the 16 April deadline expired, it became clear that the US government had not yet made new funds available for the MITRE Corporation's CVE database. At the eleventh hour it worked out after all. For now at least, because who knows how things will go in eleven months, when the new term runs out. How should we interpret this course of events? And what can we do to prevent a repeat of last week's rather panicky reactions? We discuss it in the latest...
2025-04-22
24 min
Breach FM - der Infosec Podcast
Flurfunk - The end of the CVE database?
This week on Breach FM: Max Imbiel and Robert Wortmann dive into the world of cyber security – from wellness hikes to global database dramas! A look at our topics: 👉 Chris Krebs in focus: the former CISA director loses his security clearance and steps down from SentinelOne to protect the company. A personal fight against political power games? We discuss why Krebs remains a role model for the industry. 👉 CVE database in turmoil: the security world is in uproar as funding for the CVE program briefly threatens to collapse. What exactly is behind this crisis, and how...
2025-04-19
1h 04
Business of Tech: Daily 10-Minute IT Services Insights
CVE Program Saved, CISA Nomination Blocked, OpenAI's AI Models Released, SolarWinds Goes Private
The U.S. government has renewed funding for the Common Vulnerabilities and Exposures (CVE) Program, a critical database for tracking cybersecurity flaws, just hours before its funding was set to expire. Established 25 years ago, the CVE program assigns unique identifiers to security vulnerabilities, facilitating consistent communication across the cybersecurity landscape. The renewal of funding comes amid concerns that without it, new vulnerabilities could go untracked, posing risks to national security and critical infrastructure. In response to the funding uncertainty, two initiatives emerged: the CVE Foundation, a nonprofit aimed at ensuring the program's independence, and the Global CVE Allocation System...
2025-04-17
14 min
El Negocio de la Tecnología
CVE Program Saved, CISA Nomination Blocked, OpenAI AI Models Released, SolarWinds Goes Private
The US government has renewed funding for the Common Vulnerabilities and Exposures (CVE) Program, a critical database for tracking cybersecurity flaws, just hours before its funding was set to expire. Established 25 years ago, the CVE program assigns unique identifiers to security vulnerabilities, facilitating consistent communication across the cybersecurity landscape. The renewal of funding comes amid concerns that, without it, new vulnerabilities might go untracked, posing risks to the security...
2025-04-17
16 min
CyberWire Daily
CVE program gets last-minute lifeline.
The CVE program gets a last-minute reprieve. A federal whistleblower alleges a security breach at the NLRB. Texas votes to spin up their very own Cyber Command. BreachForums suffers another takedown. A watchdog group sues the federal government over SignalGate allegations. The SEC Chair reveals a 2016 hack. ResolverRAT targets the healthcare and pharmaceutical sectors worldwide. Microsoft warns of blue screen crashes following recent updates. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the EC-Council® Certified Ethical Hacker (CEH) exam. 4chan gets Soyjacked. Remember to leave us a 5-star ra...
2025-04-16
33 min
SANS Internet Storm Center's Daily Network Security News Podcast
SANS Stormcast Wednesday Apr 16th: File Upload Service Abuse; OpenSSH 10.0 Released; Apache Roller Vuln; Possible CVE Changes
Online Services Again Abused to Exfiltrate Data: Attackers like to abuse free online services that can be used to exfiltrate data. From the “originals”, like pastebin, to past favorites like anonfiles.com. The latest example is gofile.io. As a defender, it is important to track these services to detect exfiltration early. https://isc.sans.edu/diary/Online%20Services%20Again%20Abused%20to%20Exfiltrate%20Data/31862
OpenSSH 10.0 Released: OpenSSH 10.0 was released. This release adds quantum-safe ciphers and the separation of authentication services into a separate bina...
2025-04-16
05 min
We Speak CVE
25 Years of CVE and What’s Next
Host Shannon Sabens speaks with fellow CVE Board members Kent Landfield and Madison Oliver and CVE Program Lead Alec Summers about the 25th anniversary of the CVE Program. Topics include the history of the program, the program today, and what’s next.
2025-02-04
47 min
VulnVibes
[VULN] - Multiple security flaws in SimpleHelp - CVE-2024-57727, CVE-2024-57728, CVE-2024-57726
CVE-2024-57727, CVE-2024-57728, CVE-2024-57726: Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks
2025-01-16
04 min
Below the Surface (Audio) - The Supply Chain Security Podcast
CVE Turns 25
In this episode, Paul Asadoorian, Alec Summers, and Lisa Olson discuss the 25th anniversary of the CVE program, its evolution, and the importance of transparency in vulnerability management. They explore the history of CVE, the process of creating CVE records, and the role of CNAs in ensuring accountability. The conversation also addresses challenges related to end-of-life software vulnerabilities and the need for maintaining the integrity of CVE records in an ever-evolving cybersecurity landscape. In this conversation, the speakers discuss the complexities of managing and analyzing vulnerabilities in software, mainly focusing on the roles of CVE and CVSS in providing...
2024-12-09
1h 02
CYFIRMA Research
CYFIRMA Research: CVE-2024-7479 and CVE-2024-7481- Privilege Escalation - Vulnerability Analysis and Exploitation
Critical Alert: Organizations using TeamViewer's Remote Client and Remote Host products on Windows must act now!CVE-2024-7479 and CVE-2024-7481 present a severe risk of privilege escalation. With millions of users potentially affected globally, immediate action is crucial. Both flaws involve improper cryptographic signature verification during driver installation. Specifically, CVE-2024-7479 pertains to VPN drivers, while CVE-2024-7481 relates to printer drivers. These vulnerabilities allow local, unprivileged attackers to escalate their privileges by exploiting TeamViewer's installation process and loading malicious drivers onto the system. Users should update to version 15.58.4 or later to mitigate this risk, check...
2024-11-06
03 min
We Speak CVE
CNA Onboarding Process Myths Versus Facts
Shannon Sabens of CrowdStrike chats with Dave Morse, program coordination lead for the CVE Program, about the myths and facts of the CVE Numbering Authority (CNA) partner onboarding process. Truth and facts about the following topics are discussed: duration and complexity of the onboarding process; the fact that there is no fee to participate; ease of incorporating assigning CVE Identifiers (CVE IDs) and publishing CVE Records into an organization’s existing coordinated vulnerability disclosure (CVD) processes; availability of automated tools for CNAs; the CVE JSON Record format and available guidance; role of Roots and Top-Level Roots and ho...
2024-10-01
24 min
CYFIRMA Research
CYFIRMA Research- CVE-2024-40725 and CVE-2024-40898 Vulnerabilities in Apache’s HTTP Server: Vulnerability Analysis and Exploitation
CVE-2024-40725 and CVE-2024-40898 are critical vulnerabilities in Apache’s HTTP Server. CVE-2024-40725 affects the mod_proxy module and enables HTTP Request Smuggling attacks, while CVE-2024-40898 allows authentication bypass due to improper SSL configuration. With widespread exposure, these vulnerabilities pose severe risks globally. Immediate patching is crucial to safeguard sensitive systems from potential exploitation.
Link to the Research Report: CVE-2024-40725 and CVE-2024-40898 Vulnerabilities in Apache’s HTTP Server: Vulnerability Analysis and Exploitation - CYFIRMA
#CyberSecurity #ApacheVulnerabilities #CVE202440725 #CVE202440898 #PatchNow #InfoSec #CyberThreats #CYFIRMA #CyfirmaResearch #ExternalThreatLandscapeManagement #ETLM
https://www.cyfirma.com/
2024-09-16
03 min
CVE-podden
33. Almedalen Week 2024: Violent extremism in Sweden and the wider world
A troubled world creates a serious situation in Sweden with complex and overlapping threats. The Swedish Security Service sees a development in Sweden where more and more people sympathise with the ideology and propaganda of violent extremists. Violent extremism, whether right-wing, left-wing or Islamist, is at the same time transnational. In recent years a number of events have affected the image of Sweden both at home and abroad in ways that may drive threats. At the same time, various types of threats to the constitutional order have crystallised. Growing distrust of society's institutions and the democratic system risks eroding trust in public authorities and in...
2024-08-07
56 min
CVE-podden
32. Almedalen Week 2024: State-sponsored extremism? How do authoritarian states affect the threat from violent extremism?
The serious international situation sharpens the threats against Sweden, and foreign powers are acting ever more offensively. In recent years it has repeatedly been raised that state actors may fuel the security-threatening activities of extremist actors in and against Sweden. That state actors may fuel threats against Sweden has been noted in connection with the disinformation campaign against the social services, the Quran burnings and murder plots against Swedish Jews, as well as regime critics from various countries. There are also several examples of how states have advanced their own political and security interests by using...
2024-08-07
43 min
CVE-podden
31. Almedalen Week 2024: Can strategic communication be a tool against violent extremism?
How should public authorities communicate to counter anti-democratic forces that want to use violence to change society? False rumours, disinformation and propaganda spread via digital platforms and AI can very quickly affect the threat picture against Sweden. At the start of the year the government presented a national strategy against violent extremism and terrorism. The focus is local, regional, national and international. Communication is central to this work. How should public authorities use communication to counter violent extremism? Welcome to listen to this panel discussion from Almedalen Week 2024. Participants: Karl Melin, press...
2024-08-07
56 min
CVE-podden
30. Almedalen Week 2024: Antisemitism – the hatred that unites the extremists
How can we stop antisemitism from growing in a polarised time? What similarities and differences are there between antisemitic ideas today and throughout history? How is the government working on the issue? During Almedalen Week 2023, CVE and Segerstedtinstitutet organised a joint seminar on this theme. Sadly the subject has hardly lost relevance over the past year, and so a follow-up seminar was held during Almedalen Week 2024. You can listen to it here! Participants: Christer Mattsson, director, Segerstedtinstitutet; Parisa Liljestrand, Minister for Culture (M); Petra Mårselius, Director General, Forum för levande historia; Isabella Pistone, philo...
2024-08-07
1h 01
We Speak CVE
Expected Impact of the CNA Rules 4.0
Host Shannon Sabens speaks with Art Manion and Kent Landfield, all three of whom are CVE Board members and CVE Working Group (WG) chairs, about the all-new “CVE® Numbering Authority (CNA) Operational Rules Version 4.0.” Topics discussed include the new fundamental concept embedded throughout the rules called the “right of refusal”; how CVE assignment is technology neutral (i.e., cloud, artificial intelligence, etc.); end-of-life assignments; the dispute process; how CNAs can add additional data to their CVE Records such as CVSS, CWE, and CPE information at the time of disclosure for use by downstream consumers; and the expected positive i...
2024-05-21
37 min
Threat Talks - Your Gateway to Cybersecurity Insights
Palo Alto Networks CVE-2024-3400: a comprehensive analysis of the vulnerability
Tune into this special episode of Threat Talks, as we dissect the critical CVE-2024-3400 vulnerability in Palo Alto Networks' GlobalProtect servers. Join our cybersecurity experts for a deep dive into the vulnerability's implications, our response strategies, and practical tips to bolster your defenses against similar threats. For those who crave even more detailed insights, be sure to check out our comprehensive information page on this topic: https://on2it.net/nl/cve-2024-3400-pan-os-os-command-injection-vulnerability-in-globalprotect/ And read our blog posts for a deeper dive into the technical aspects and implications of...
2024-05-07
40 min
We Speak CVE
Swimming in Vulns (or, Fun with CVE Data Analysis)
Host Shannon Sabens of CrowdStrike chats with Benjamin Edwards and Sander Vinberg, both of Bitsight, about analyzing vulnerability data in the CVE List. This is a follow-on to their “CVE Is The Worst Vulnerability Framework (Except For All The Others)” talk at CVE/FIRST VulnCon 2024.Topics discussed include the types of vulnerabilities and vulnerability intelligence they reviewed and the different ways they approached the data; how CVE is a really good framework for compiling information about, and communicating effectively about, vulnerabilities; how increasing the number of CVE Numbering Authorities (CNAs) through federation has improved the quantity and qual...
2024-04-29
43 min
Chaos Lever Podcast
When Code Goes Rogue: The CVE-2024-3094 Saga
Ned and Chris discuss the impact of a sophisticated cybersecurity vulnerability, CVE-2024-3094, found in xz compression software by a Microsoft employee.
In this Chaos Lever episode, Ned and Chris look into the shadowy depths of cybersecurity where a malicious code, CVE-2024-3094, lurks within the seemingly benign xz compression software. This problem was deliberately created by someone with harmful intentions and essentially allows hackers to sneakily access and manipulate data in systems using this software. Ned and Chris uncover how this exploit could give hackers unfettered access to Linux systems worldwide...
2024-04-11
35 min
We Speak CVE
Meet the 3 New CVE Board Members
In this episode — recorded live at “CVE/FIRST VulnCon 2024” — CVE Board member and CVE podcast host Shannon Sabens of CrowdStrike chats with the three newest CVE Board members: Madison Oliver of GitHub Security Lab, Tod Beardsley of Austin Hackers Anonymous (AHA!), and MegaZone of F5 who joins as the new CVE Numbering Authority (CNA) Liaison to the Board.Topics include how and why each new member joined the board, the impact that participating in CVE Working Groups had on their decisions to become Board me...
2024-04-09
25 min
We Speak CVE
CVE Records States and Tags
Host Shannon Sabens speaks with Art Manion and Kent Landfield, all three of whom are CVE Board members and CVE Working Group (WG) chairs, about CVE Records. Discussion topics include the CVE Record Lifecycle, the three “states” of CVE Records (RESERVED, PUBLISHED, and REJECTED), the current “tags” in use with CVE Records (EXCLUSIVELY-HOSTED-SERVICE; UNSUPPORTED-WHEN-ASSIGNED; and DISPUTED), the difference between the REJECTED state and the DISPUTED tag, how a DISPUTED tag can be temporary or indefinite, and much more.
2024-03-26
33 min
CVE-podden
29. The new national strategy
This episode is about the new national strategy against violent extremism and terrorism that the government presented at the start of 2024. Participants are Jonas Trolle, head of CVE, and Josefin Bergström, senior adviser and member of CVE's mobile support team. The host is Jenny Sonesson, head of press at CVE.
2024-03-05
35 min
CVE-podden
28. What does CVE's operational support look like in practice?
This episode is a continuation of the earlier episode on how CVE's mobile support team works. The previous conversation was about who can consult CVE and how a first call proceeds. This episode covers what then happens with a case. What measures can CVE offer? Participants: Marcus Hjelm and Elias Lomfors Carlberg, adviser and case officer respectively in CVE's mobile support team. Moderator: Jenny Sonesson, head of press, CVE.
2024-03-05
30 min
CVE-podden
27. How do you contact CVE's mobile support team?
CVE has a mobile support team that offers guidance to professionals across the country who encounter issues relating to violent extremism. In this episode we answer questions such as: Who can contact CVE? What kinds of cases can be raised? How does a first call proceed? Participants: Marcus Hjelm and Eva Mowitz, advisers in CVE's mobile support team. The moderator is Jenny Sonesson, head of press, CVE.
2024-03-05
20 min
We Speak CVE
The Council of Roots
Learn how CVE Numbering Authority (CNA) partners—ranging from large to small organizations, proprietary and open-source products or projects, disparate business sectors, and different geographic locations—are overseen and supported within the CVE Program by “Top-Level Roots” and “Roots.” Topics include the roles and responsibilities of the two different types of Roots; how their work benefits the CNAs under their care; how they recruit new CNA partners, including suggestions for addressing upper management concerns if a CNA prospect organization is hesitant to partner as a CNA; how they work with and support their CNAs over time; how the “Council of Roots” work...
2024-01-30
48 min
CVE-podden
26. Interreligious dialogue and preventive work
This podcast discusses how religions, faith communities, and cooperation with and between them can form part of the preventive work against violent extremism. The conversation is between Lenita Törning, a researcher focusing on interreligious issues and investigator at CVE, and Sofia Hallbäck, head of operations at the foundation Open Skåne, which works to increase social cohesion. The discussion is led by Dan-Erik Andersson, associate professor and senior lecturer in human rights at Lund University.
2023-10-16
32 min
We Speak CVE
How the New CVE Record Format Will Benefit Consumers
Shannon Sabens of CrowdStrike and Kent Landfield of Trellix, both of whom are CVE Board members and CVE Working Group chairs, speak about how the new CVE Record format — with its new structured data format and optional information fields — will benefit and provide enhanced value to consumers of CVE content moving forward. Specific topics discussed include how the new CVE Record format will enable more complete vulnerability information to be captured early on in the advisory process and how that will benefit consumers; the ability for CVE content consumers to streamline and more easily automate their use of CV...
2023-09-27
25 min
Inside Rehabilitation Counseling
Exploring the CVE Certification with Lisa Byrne, MA, CRC, CVE, LCPC
The Certified Vocational Evaluator certification, or CVE, is a high-demand specialty within rehabilitation counseling. CVEs possess unique, comprehensive, and holistic proficiencies in evaluation, career assessment services, and job placement cases. The CRC-CVE dual certification can also provide clients and employers with higher success rates and overall better client outcomes. Lisa Byrne was instrumental in the revitalization of the CVE certification under CRCC, and on this episode, she shares with us the scope of the specialization and why it’s important for clients and employers. Learn more about the CVE Certification and apply for the February 2024 co...
2023-09-20
19 min
Open Source Security
Curl and the calamity of CVE
Josh and Kurt talk about why CVE is making the news lately. Things are not well in the CVE program, and it's not looking like anything will get fixed anytime soon. Josh and Kurt have a unique set of knowledge around CVE. There's a lot of confusion and difficulty in understanding how CVE works. Show Notes: Curl blog post; Now it's PostgreSQL's turn to have a bogus CVE; GitHub Advisory Database; Josh's "CVE tried to get me fired" story
2023-09-11
46 min
CVE-podden
23. School attacks – how can they be prevented?
This podcast is a live recording from one of CVE's seminars during Almedalen Week in Visby 2023. In recent years, several cases of ongoing lethal violence have taken place at schools in Sweden. School attacks are sometimes motivated by violent extremism, but more commonly those who commit this type of act are inspired – rather than motivated – by extremist ideas, symbolism, etc. This means that staff, pupils and parents need support and preventive tools. CVE is currently handling several cases in its work that concern the school environment. Jonas Trolle, head of...
2023-08-21
57 min
CVE-podden
22. Hatred of women and violent extremism
This podcast is a live recording from one of CVE's seminars during Almedalen Week in Visby 2023. Extremist movements often include in their ideologies a drive to maintain men's power over women. Increasingly, attention is also being drawn to the fact that hatred of women can in itself radicalise certain actors and lead them to crime and acts of violence. The children's rights organisation Ecpat sees how abuse material depicting girls and women is spread with almost ideological overtones. How should the relationship between hatred and crimes against women and girls, violent male ideals and violent extremist ideologies be understood? What lessons can...
2023-08-21
1h 00
CVE-podden
21. Antisemitism – the glue that unites the extremisms
This podcast is a live recording from one of the joint seminars of CVE and the Segerstedt Institute during Almedalen Week in Visby 2023. Violent extremists are motivated by a diversity of ideas. Some driving forces, however, are constant and span all milieus. Antisemitism has driven violent hate actors for centuries and is a self-evident part of contemporary violent extremist worldviews. How does antisemitism manifest itself within today's violent extremist milieus? What similarities and differences exist between antisemitic ideas today and throughout history? What should public authorities, the media, and other key societal actors do to counter...
2023-08-21
59 min
CVE-podden
20. Mental ill-health and violent extremism
This podcast is a live recording from one of the joint seminars of CVE and the Segerstedt Institute during Almedalen Week in Visby 2023. Mental ill-health is increasingly highlighted as a common denominator among actors motivated by violent extremism, not least when it comes to lone-actor perpetrators. What does the link between mental ill-health, violent extremism and acts of violence look like? How does this link affect the preventive work against violent extremism? Participants: Jonas Trolle (Head of CVE), Christer Mattsson (Director of the Segerstedt Institute), Ahn-Za Hagström (Head of Nationellt Centrum för Terrorhotsbedömning...
2023-08-21
54 min
Cup o' Go
Is it Gone-W or Go-New? Plus CVE fixes, Go Dev Survey, and Benthos interview
Go 1.21RC4 is out. 🪳 CVEs: CVE-2023-29409 fixed in Go 1.20.7 & 1.19.12; CVE-2023-3978 fixed in golang.org/x/net & golang.org/x/net/html v0.13.0; CVE-2023-29407 & CVE-2023-29408 fixed in golang.org/x/image & golang/x/image/tiff v0.10.0. 🗳️ Go Developer Survey open until August 10. 🆕 gonew: Experimenting with project templates by Cameron Balahan. 📘 Have you written a book about Go? Contact Bill Kennedy: bill@ardenlabs.com. Proposal: time: stop requiring Timer/Ticker.Stop for prompt GC. Blog post: Zero allocations metrics with opentelemetry-go by Howard John. Interview: Benthos project; Benthos community links; Ashley Jeffs (Twitter, LinkedIn, GitHub); Mihai Todor (Twitter, LinkedIn, GitHub). ★ Support this podcast on Patreon ★
2023-08-04
57 min
We Speak CVE
Becoming A CNA—Myths versus Facts
Host Shannon Sabens of CrowdStrike chats with Julia Turkevich of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) about the myths and facts of partnering with the CVE Program as a CVE Numbering Authority (CNA). Truth and facts about the following myths are discussed: Myth #1: Only a specific category of software vendors can become CNAs. Myth #2: Organizations cannot leverage their existing vulnerability management and disclosure processes when they become a CNA. Myth #3: The requirements for becoming a CNA are overwhelming and extensive. Myth #4: A fe...
2023-06-21
22 min
FOCUS ON: Linux
Newsupdate 05/23 - Linux 6.3 and 6.4-rc1, CVE-2023-0386/32233, QEMU 8.0, RHEL 9.2, LIT 2023
#CurlMeMayBe The kernel maintainers send Linux 6.3 and 6.4-rc1 into the race, while two CVEs are waiting to be closed. QEMU releases a new major version, 8.0, with manageable changes. RHEL and AlmaLinux 9.2 are released, while Rocky Linux still keeps us waiting. The Augsburg Linux Info Day takes place at Augsburg University of Applied Sciences, while Red Hat Summit and SUSECON are coming within reach. openSUSE ALP and SoftMaker Office are looking for feedback. Feedback: Interview with Lomiri lead developer: https://www.youtube.com/watch?v=Lc6gGs2kM4c Outrage of the month: Red Hat KB "systemd-cryptsetup: Encounter...
2023-05-19
1h 15
We Speak CVE
Microsoft’s Journey Adopting CVE Services & CVE JSON 5.0
Kris Britton of the CVE Program speaks with Lisa Olson of Microsoft about Microsoft’s journey adopting the new CVE Services and CVE JSON 5.0 into their vulnerability management infrastructure and how they used them for the first time as part of Microsoft’s February 2023 Patch Tuesday. Discussion topics include the CVE JSON 5.0 schema mind map and other schema resources on GitHub; reviewing CVE JSON 5.0 records on the CVE.ORG website; using Vulnogram, or one of the other CVE Services clients...
2023-03-07
30 min
CYBER2GO
Anonymous Sudan hits hospitals, WordPress plugin and theme: 9.8-score CVE, Microsoft Defender auto-added in 365
Three topics make up today's episode: Anonymous Sudan has claimed responsibility for DDoS attacks that have hit hospitals and airports across the country. The WordPress plugin and theme Houzez has two CVEs with CVSS scores of 9.8. Microsoft is auto-adding and enabling Microsoft Defender on Windows 10 machines that use Microsoft 365. CVEs mentioned in this episode: CVE-2023-26540 and CVE-2023-26009. Host: Omar Hawwash, cyber security consultant and journalist, LEVEL7.
2023-02-28
03 min
CYBER2GO
Apple patches zero-day for iPhones and iPads, CFCS updates logging guide, GTA V Online gets a CVE
Three topics make up today's episode: Apple has released an important patch for a zero-day vulnerability that, according to reports they have received, has been 'actively exploited'. The Centre for Cyber Security has updated its logging guide in the wake of the recent DDoS attacks. GTA V Online has received its first CVE of 2023. CVEs mentioned in this episode: CVE-2022-42856 (Apple) and CVE-2023-24059 (GTA). Host: Omar Hawwash, cyber security consultant and journalist, LEVEL7.
2023-01-24
04 min
We Speak CVE
Coordinated Vulnerability Disclosure
Shannon Sabens of CrowdStrike chats with Madison Oliver of GitHub Security Lab about the recent release of OpenSSF’s “Guidance for Security Researchers to Coordinate Vulnerability Disclosures with Open Source Software Projects” document and the important step of obtaining a CVE ID in the coordinated vulnerability disclosure process for open-source vulnerabilities. OpenSSF is a “cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them.” The CVD Guide was released by OpenSSF’s Vulnerability Disclosure working group in September 2022, which in 2021 released its “Guide to Implementing a Coordinated Vu...
2022-12-30
23 min
CVE-podden
19. Masculinity and violent extremism - how should we view the connection?
Jonas Trolle, head of CVE, and Mikael Thörn, head of unit at the Swedish Gender Equality Agency, discuss how the links between masculinity and violent extremism can be used in the preventive work against violent extremism. The starting point for their conversation is the newly released knowledge review Män, maskulinitet och våldsbejakande extremism. The conversation is led by the journalist and author Jens Liljestrand. Män, maskulinitet och våldsbejakande extremism is available for download at CVE.se under the publications section. Also listen to the episode Män, maskulinitet och våldsbejakande extremism to hear Lucas Gottzén discuss the report...
2022-12-06
21 min
CVE-podden
18. Men, masculinity and violent extremism
Professor Lucas Gottzén has just released the knowledge review Män, maskulinitet och våldsbejakande extremism, produced on behalf of the Swedish Center for Preventing Violent Extremism (CVE) and the Swedish Gender Equality Agency. Hear him reflect on his conclusions and recommendations about the links between masculinity and violent extremism in a conversation with the journalist and author Jens Liljestrand. Gottzén's research review shows how many violent extremist milieus share a view that the world needs a restored manhood, in which misogyny and antifeminism are central. They are united in the belief that the world needs a restored...
2022-12-06
38 min
FOCUS ON: Linux
Newsupdate 11/22 – CVE-2022-3602/3786, Python 3.11, Fedora 37, Gitea fork, RHEL 8.7/9.1
With Python 3.11 and Fedora 37 we discuss two long-awaited version updates. The latter was postponed several times because of the infamous CVE-2022-3602 and 3786. A new company formed around Gitea brings us a fork, while a discussion about blockchain technology and LibreOffice heats tempers. Microsoft presents its new Teams PWA, and Lennart Poettering presents Unified Kernel Images, an approach to further securing the boot process. Feedback / Announce...
2022-11-25
1h 05
We Speak CVE
CNA Mentoring Program: Members Helping Members
Host Shannon Sabens of CrowdStrike chats with Tod Beardsley of Rapid7, who is the chair of the CVE Program's CNA Coordination Working Group (CNACWG), about the CNACWG’s "CNA Mentoring Program." Topics discussed include how CVE is a community, how the mentoring program is as little or as much work as you’d like it to be, the many ways in which mentoring can help new CVE Numbering Authorities (CNAs) be successful, the benefits to both organizations, the very simple signup process (a Google form, no login requ...
2022-10-18
21 min
CVE-podden
17. What does the Swedish Center for Preventing Violent Extremism do?
Welcome to a conversation about the Swedish Center for Preventing Violent Extremism (CVE), in which staff describe its work. The center, which sits within the Swedish National Council for Crime Prevention, has since its start in 2018 had a mobile support team that guides professionals on questions relating to violent extremism. CVE also produces knowledge material and runs training. The podcast is a recording from a seminar that CVE organised during Almedalen Week in Visby 2022. Participants: Edvin Sandström, head of knowledge issues, CVE; Joakim von Scheele, head of training, CVE; Marcus Hjelm, senior adviser, mobile support team, CVE; Emma Holmg...
2022-09-29
41 min
CVE-podden
16. Radicalisation of young people - what should society do?
Digital developments mean that ever more young people can more easily access violent extremist messages. What can society do to counter the radicalisation of young people? Welcome to a conversation with CVE, the Swedish Security Service, the Doku foundation and the Expo foundation. The podcast is a recording from a seminar that CVE organised during Almedalen Week in Visby 2022. Participants: Ahn-Zha Hagström, senior analyst, Swedish Security Service; Jonas Trolle, special investigator for safety in schools and head of CVE; Emma Holmgren, senior adviser, CVE; Sofie Löwenmar...
2022-09-29
56 min
CVE-podden
15. Violent extremism in Sweden and the wider world
The Swedish Security Service sees a development in Sweden in which ever more people sympathise with violent extremists' ideology and propaganda. At the same time, violent extremism, whether right-wing, left-wing or Islamist, is transnational. Welcome to a conversation with the Swedish Center for Preventing Violent Extremism (CVE) and the Swedish Security Service. The podcast is a recording from a seminar that CVE organised during Almedalen Week in Visby 2022. Participants: Ahn-Zha Hagström, senior analyst, Swedish Security Service; Jonas Trolle, head of CVE. Moderator: Jenny Sonesson, press officer, CVE
2022-09-29
58 min
CVE-podden
14. Why is local collaboration against violent extremism important?
Local collaboration in crime prevention work is often talked about, but it is not always easy to get an answer on how it should work in practice. CVE and the Swedish National Council for Crime Prevention provide guidance. Participants: Linus Dahlström, senior adviser, CVE; Christina Söderberg, investigator at the unit for the development of crime prevention work (UBA) within the Swedish National Council for Crime Prevention. Moderator: Jenny Sonesson, press officer, CVE
2022-09-29
38 min
CVE-podden
13 How do you produce local situational assessments of violent extremism?
Society's crime prevention actors are often urged to work on the basis of situational assessments, but how this can be done is more rarely described concretely. Staff from CVE's mobile support team provide guidance. Participants: Marcus Hjelm, senior adviser, CVE; Josefin Bergström, senior adviser, CVE. Moderator: Jenny Sonesson, press officer, CVE
2022-09-29
29 min
CVE-podden
12 What does the mobile support team against violent extremism do?
Since its start in 2018, the Swedish Center for Preventing Violent Extremism (CVE) has had a mobile support team that offers guidance and supervision to professionals, primarily in municipalities. In this episode, its work is presented. Participants: Marcus Hjelm, senior adviser, mobile support team; Elias Lomfors Carlberg, case officer, mobile support team. Moderator: Jenny Sonesson, press officer, CVE
2022-09-29
28 min
CVE-podden
11 Method support
In this episode we provide information about the assessment support - or method support, as we now call it - that CVE has developed to support social services when investigating concerns about violent extremism. Participants are Maria von Bredow, investigator at CVE; Emma Holmgren, adviser at CVE; and Lenita Törning, investigator at CVE.
2022-09-28
13 min
We Speak CVE
An Insider’s View of the CVE Program
Shannon Sabens of CrowdStrike and Tod Beardsley of Rapid7, both of whom are CVE Board members and CVE Working Group chairs, chat about the CVE Program from their insider’s perspectives. Topics include the value of a federated program of CVE Numbering Authorities (CNAs) from around the world for increased assignment of CVE Records; the upside and minimal requirements to becoming a CNA; the types of organizations that are CNAs; how CNAs are a community with a mentoring program; how CNAs assigning CVE Identifiers (CV...
2022-09-27
23 min
Time For A Reset Marketing Podcast: Insights from Global Brand Marketers
Episode 39 - The Inside Track on Why Canton Joined CvE
Are you curious about the behind-the-scenes story of how Canton Marketing Solutions joined the CvE and Goodway Group family? In this week's episode of Time for a Reset, we sit down with founders Rob Webster and Nick King, who share their journey and the reasons behind their decision. With decades of experience in digital marketing and leadership roles at top companies such as MediaCom, Yahoo, Tacoda, Crimtan, News UK and Future, Rob and Nick are experts in the field. In 2018, they founded Canton Marketing Solutions, a consultancy aimed at helping brands take control of their digital marketing...
2022-09-08
42 min
FOCUS ON: Linux
Newsupdate 06/22 – CVE-2022-1966, openSUSE Leap 15 SP4, AlmaLinux 9.0, NixOS 22.05, HP Dev One
Just before the summer lull, CVE-2022-1966 brings us another critical security vulnerability that needs closing. Fortunately, openSUSE Leap 15 SP4, AlmaLinux 9.0 and NixOS 22.05 deliver new distribution versions with welcome changes. Canonical is making an effort to make Ubuntu "snappier", and Christian finds HP's new Dev One notebook promising and, in equal measure, in need of rework. Links for the episode:
2022-06-24
1h 04
We Speak CVE
The Value of Assigning CVEs
Shannon Sabens of CrowdStrike chats with Madison Oliver of GitHub Security Lab about how and why CVEs are assigned, the value of CVEs in vulnerability management, responsible coordination of vulnerability disclosures, the importance of comprehensiveness in security advisories, and why there is no stigma in a CVE. CVE Numbering Authority (CNA) scopes, disclosure policies, turnaround times, and more are discussed in general, as are GitHub’s specific CNA processes and how it helps open-source projects hosted on GitHub with their CVEs and advisories. Madison also writes about many of these topics in...
2022-06-14
19 min
We Speak CVE
Researchers and PSIRTs Working Well Together
Shannon Sabens of CrowdStrike and Milind Kulkarni of NVIDIA discuss what security researchers should expect when reporting vulnerabilities to a Product Security Incident Response Team (PSIRT); how best to collaborate with them; how to interpret responses from the PSIRT; how to get the best outcome when making a report; supported versus end-of-life (EOL) products; CVE Numbering Authority (CNA) scopes; timing of a patch versus the publication of a CVE Record; and more.
2022-05-03
26 min
FOCUS ON: Linux
Newsupdate 04/22 – CVE-2022-1015/1016, Ubuntu 22.04 LTS, elementaryOS, SUSE Adaptive Linux Platform, Red Hat Satellite 7.0
The chain doesn't break in April either: with CVE-2022-1015 and CVE-2022-1016 there are once again two security vulnerabilities that need closing. We discuss the eagerly awaited Ubuntu 22.04 LTS release and the current Pop!_OS beta. Less pleasant news comes from the elementaryOS project, which is realigning itself after internal disputes. SUSE, with A...
2022-04-29
1h 08
Man Behind The Machine
Pegasus, 1984, CVE-2016-4655, CVE-2016-4656, CVE-2016-4657 War games
On this episode: Pegasus fly fly fly : Pegasus is able to exploit iOS versions up to 14.6, through a zero-click exploit Pegasus was a beautiful winged horse who sprang from the body of Medusa when she was slain by the hero Perseus, the son of Zeus and Danaë. Spreading out his wings he immediately flew to the top of Mount Olympus, where he was received with delight and admiration by all the immortals. Pegasus : iOS, Cyberspace, 1984, CVE-2016-4655, CVE-2016-4656, CVE-2016-4657
2022-04-20
1h 41
We Speak CVE
The Latest on Transitioning to CVE Services 2.1 & CVE JSON 5.0
Lisa Olson of Microsoft and Kris Britton of the CVE Program speak with Kelly Todd of the CVE Program about the transition that’s currently underway for CVE Numbering Authorities (CNAs) to CVE Services 2.1 and CVE JSON 5.0. Their discussion includes how the new services and data format will enable effective and secure automation, improve workflows, and reduce the transaction costs of program participation for CNAs, as well as provide enhanced information in CVE Records for use by downstream consumers. Specific topics include how the CVE Services 2.1 web application adds the CVE Record Submission and Upload Service (RSUS) fo...
2022-03-15
22 min
FOCUS ON: Linux
Newsupdate 01/22 – CVE-2022-0185, D-Installer, SUSE Liberty Linux
The new year begins the way the old one ended: with a hefty CVE! Besides faulty operators, we also cover what may be the biggest single kernel patch of all time. Rumours of another CentOS fork are sprouting, while SUSE and Fedora work on new web installers. Ubuntu tinkers with Snapcraft and sheds some legacy baggage. AppImage, Flatpak and Snap in...
2022-01-28
54 min
We Speak CVE
Enhancing CVE Records as an Authorized Data Publisher
Kent Landfield of McAfee and Art Manion of CERT/CC discuss how the CVE Program’s upcoming release of JSON 5.0 will allow for additional and related information to be added to CVE Records after they have been published by CVE Numbering Authorities (CNAs). These additions — such as risk scores, affected product lists, versions, references, translations, etc. — will be made by “Authorized Data Publishers (ADPs),” which will be organizations authorized within the CVE Program to enrich the records. Also discussed are the benefits of enriched CVE Records to downstream users and the overall vulnerability management community, the use of Stakeholder-specific Vulnerabil...
2021-12-07
27 min
We Speak CVE
How Red Hat's Active Participation Helps Improve the CVE Program
Shannon Sabens of CrowdStrike chats with Peter Allor, Fábio Olivé, and Martin Prpic of Red Hat, which is a long-time CVE Numbering Authority (CNA). The benefits of actively participating as a member of the CVE community are discussed, especially in the CVE Working Groups, which allows Red Hat to directly contribute to enhancing CVE automation and quality, as well as strategic planning for future improvements. Specific topics include Red Hat being a resource for other CNAs, particularly for open-source vendors and projects; the industry-wide value of the upcoming CVE Record JSON Schema to be a universal vu...
2021-11-20
24 min
We Speak CVE
CVE Myths versus Facts
Episode 9 – Three CVE Board members provide the truth and facts about the following myths about the CVE Program: Myth #1: The CVE Program is run entirely by the MITRE Corporation; Myth #2: The CVE Program is controlled by software vendors; Myth #3: The CVE Program doesn’t cover enough types of vulnerabilities; Myth #4: The CVE Program is responsible for assigning vulnerability severity scores. CVE Program – https://www.cve.org CVE Board – https://www.cve.org/ProgramOrganization/Board
2021-10-12
27 min
We Speak CVE
CVE Working Groups, What They Are and How They Improve CVE
Our eighth episode is all about how community members actively engage in the six CVE Working Groups (WGs) to help improve quality, automation, processes, and other aspects of the CVE Program as it continues to grow and expand. The chairs and co-chairs of each WG, each of whom is an active member of the CVE community, chat about their WG’s overall mission, current work, and future plans. Discussion begins with the Transition (TWG), a temporary WG focused on managing the numerous modernization, automation, and process transitions currently underway in the CVE Program. Each of the five ma...
2021-09-02
26 min
We Speak CVE
Managing Modernization and Automation Changes in the CVE Program
Episode 7 – Kelly Todd of the CVE Program speaks with Lisa Olson of Microsoft about managing the modernization and automation changes currently underway in the CVE Program. Topics include the efforts of the newly formed CVE Transition Working Group (Lisa, a CVE Board member, is co-chair); automation of CVE ID assignment and CVE Record publishing for CVE Numbering Authorities (CNAs), including the availability of free APIs and other improvements on the way; the upcoming new version release of JSON for the CVE Record format to enhance the data associated with a record; the upcoming availability of program metrics for the CV...
2021-08-21
22 min
CPradio
Cyber Academy – CVE database [CPRadio]
In this episode of “Cyber Academy" we will talk about the CVE database. What's a CVE? What do the numbers attached to the CVE mean? Are they random or not? Why do we need to catalogue CVEs? What is the connection between CVEs and dictionaries, phonebooks and the deep blue sea? Who is MITRE? And what do you do if you discover a CVE all by yourself? About CVEs, vulnerabilities and a lot more in this new episode of "Cyber Academy".
2021-08-09
12 min
We Speak CVE
How the New CVE Record Format Is a Game Changer
Episode 6 – Shannon Sabens of CrowdStrike chats with Chandan Nandakumaraiah of Palo Alto Networks about how the very basic legacy format of CVE Records is being transformed for the future by adding many new optional content fields such as multiple severity scores, credit for researchers, additional languages, ability for community contributions, etc., to make CVE Records even more valuable. The use of JSON for the new format and how that enables automation for both CNA publishers and CVE content consumers are also discussed, as are the use and availability of the CVE Program’s automated CVE Numbering Authority (CNA) tools for...
2021-07-02
25 min
We Speak CVE
Engaging with CVE's Automated CNA Services
Episode 5 – David Waltermire of NVD speaks with Milind Kulkarni of NVIDIA and Kris Britton of the CVE Program to discuss the CVE Program's automated CVE Numbering Authority (CNA) services. Topics include the automation architecture being developed and deployed by the CVE Automation Working Group (AWG); the benefits of using JSON for the CVE Record format; how automation simplifies and increases the speed of CNA processes; the currently deployed CVE ID Reservation (IDR) service; the upcoming release of the CVE Record Submission and Upload (RSUS) service; and future automation plans. CVE automated services on GitHub - https://github.com...
2021-06-09
32 min
We Speak CVE
Interview with Larry Cashdollar - A Researcher's Perspective
Episode 4 – Kelly Todd of the CVE Program interviews security researcher Larry Cashdollar about how he got started researching vulnerabilities and his experiences over the years, how he became the CVE Program’s first-ever independent vulnerability researcher CVE Numbering Authority (CNA), best practices, and the benefits of being able to assign his own CVE IDs to the vulnerabilities he discovers. CVE - https://cve.mitre.org/ Larry Cashdollar - https://twitter.com/_larry0
2021-04-26
20 min
Everyday RealTalk
2.7: We discuss all of the acronyms! CVP, CVE, VMS, IAVM, VEIP!
Today’s episode #7 of Season 2, Events RealTalk is all about the CVP or Certified Venue Professional, for those of you who don’t know what that is. TJ discusses with Sarah the process of getting her CVP: pre-reqs, materials, studying, testing, CVP retention, etc., and the comparison with getting your VEIP or Virtual Events Institute Professional. SARAH & TJ CHAT ABOUT: CVP: Certified Venue Professional, CVE: Certified Venue Executive, VEIP: Virtual Events Institute Professional; pre-reqs for these certifications, materials, studying, testing; is it worth it?? RESOURCES AND LINKS MENTIONED IN THIS EPISODE: https://www.iavm.org/cv...
2021-04-21
44 min
We Speak CVE
Partnering with the CVE Program
Episode 3 - Shannon Sabens of CrowdStrike speaks with Jo Bazar of the CVE Program, Erin Alexander of CISA ICS, and Tomo Itou of JPCERT/CC about the structure and objectives of the CVE Numbering Authority (CNA) program, what it means to be a Root and a CNA, the benefits of partnering with the CVE Program, and recommendations for organizations considering becoming a Root or CNA. CVE - https://cve.mitre.org/ CISA - https://www.cisa.gov/ CrowdStrike - https://www.crowdstrike.com/ JPCERT/CC - https://www.jpcert.or.jp/vh/index.html
2021-03-31
18 min
Last Week in .NET
A CVE for every Season
Last Week in .NET - 3/13/2021 💍 There's a new proposal for a "static abstract" keyword. My brain is foggy on the use-cases here; but let's go with it. 🚨 Do you use System.Text.Encodings.Web? There's a vulnerability that has been patched. The vulnerability is captured in CVE-2021-26701. This vulnerability has been patched with the release of .NET 5.0.4, and .NET Core 3.1.13. For .NET 5.0.4, .NET 3.1.13, and .NET 2.1.26 this is a patch release that contains the CVE Fix. The usual provisos apply and patch your systems. 🎉 .NET 6.0.0 Preview 2 has been released. .NET 6.0.0...
2021-03-15
04 min
We Speak CVE
How MongoDB Manages Its CVEs
Episode 2 - Chris Sandulow, Boris Sieklik, and Lena Smart from MongoDB discuss their internal processes for managing CVEs, the importance of CVSS scoring to their customers, the benefits experienced from partnering with the CVE Program as a CVE Numbering Authority (CNA), and recommendations for other organizations considering becoming a CNA.
2021-03-01
23 min
Le Comptoir Sécu
[SECHebdo] 11 November 2020 - YouTube-dl, 2020: the year of ransomware (and containment by Mandiant), CVE Tiki Wiki, HTB Academy, CornerVuln, Botconf, GreHack, etc.
2020-11-11
00 min
CVE-podden
4 Who does what when it comes to violent extremism?
Responsibility for matters relating to violent extremism does not rest with a single principal - but who is responsible, and how should they collaborate? That is discussed in this episode of Snacka om extremism special from the Swedish Center for Preventing Violent Extremism (CVE). The episode is a recording from a seminar in Almedalen 2019. Participants: Jonas Trolle, head of CVE. Moderator: Willy Silberstein
2019-09-18
39 min
CVE-podden
3 When the tone is raised, the extreme risks becoming normalised
As public debate hardens, the risk that the extreme becomes normalised increases. Which basic social-psychological mechanisms matter when we put violent extremism into words? In this episode of Snacka om extremism special, a panel discusses the significance of words in the preventive work against violent extremism. Recorded at a seminar in Almedalen 2019. Participants: Jenny Yourstone, PhD and research leader at CVE; Marie Gustafsson Sandén, associate professor and linguist at Södertörn University; Jonas Trolle, head of CVE; Magnus Ranstorp, associate professor and terrorism researcher at the Swedish Defence University; Ahn-Za Hags...
2019-09-18
43 min