Navigating the Fallout: Delays in NVD Updates Challenge CIOs and CISOs in Cybersecurity Battle
Scott Kuffer discusses how delays in the NVD can have far-reaching impacts on organizations that rely heavily on this data to protect their digital assets.
Risky Biz News: Discussing Vulnerability Management Trends, SLAs, and More
Scott Kuffer and Catalin Cimpanu talk about recent trends the company has observed among customers when it came to patch management and how service level agreements (SLAs) became a sign of an organization’s security health.
Resilient Cyber Podcast: Discussing Vulnerability Management Modernization & FedRAMP
Resilient Cyber Podcast host Chris Hughes and Nucleus CEO Steve Carter discuss Vulnerability Management Modernization & FedRAMP.
NIST, the National Vulnerability Database and the great unraveling
Scott Kuffer discusses the history of the NVD, and why agencies lack the measurement tools to evaluate NIST cyber framework implementation in critical infrastructure sectors.
Experts Warn the NVD Backlog Is Reaching a Breaking Point
Experts warn that the massive disclosed vulnerabilities and exposures backlog and ongoing issues could result in supply chain risks across critical sectors.
Four ways to swing for the fences and simplify vulnerability management metrics
Like baseball, metrics are critical to VM teams. Scott Kuffer discusses four metrics that can help security teams measure the outcomes of a VM program.
Why cloud vulnerabilities need CVEs
Nucleus COO Scott Kuffer discusses the lack of CVEs in cloud services and why that is a significant challenge for vulnerability management.
How Nucleus Security Takes Vulnerability Management with Active Cyber
Listen to this deep dive on vulnerability management and Nucleus Security. You’ll walk away with practical tips on improving your vulnerability management program and more.
CVSS 4.0 Offers Significantly More Patching Context
The latest vulnerability severity scoring system addresses gaps in the previous version; here’s how to get the most out of it.
An Everything Is On Fireside Chat with Jen Easterly, Director of US C.I.S.A.
Jen Easterly, Director of the United States Cybersecurity and Infrastructure Security Agency (CISA), chats with Keren Elazari of the Interdisciplinary Cyber Research Center at Tel Aviv University, about Patrick Garrity’s cybersecurity research (at 20:00) and how we can all help build a more resilient cyber ecosystem internationally.
Getting to Know the Exploit Prediction Scoring System (EPSS)
Patrick Garrity joins the Cloud Security Alliance for a talk about the Exploit Prediction Scoring System (EPSS). EPSS represents a data-driven initiative to estimate the likelihood of a software vulnerability being exploited in real-world scenarios.
Resilient Cyber w/ Patrick Garrity - Vulnerability Research & Management
In this episode of the Resilient Cyber podcast, Patrick Garrity joins the Resilient Cyber team to discuss all things Vulnerability Management and Content Marketing.
Key findings from the CISA 2022 Top Routinely Exploited Vulnerabilities report
Patrick Garrity provides a visualization of the top 42 vulnerabilities in the CISA 2022 Top Routinely Exploited Vulnerabilities report across various vendors and their associated products.
Open-source projects plagued by rash of fake or disputed CVEs
Ryan Cribelar, R&D Engineer at Nucleus Security, spoke to Risky Biz News about the 138 fake CVEs that were obtained on August 22nd and filed for open-source projects.
The 19 most promising cybersecurity startups of 2023, according to VCs
Nucleus was chosen by a select group of successful VCs as one of the most promising computer security startups so far this year. Check out this article from Business Insider for the full write-up.
Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken?
Patrick Garrity’s research comparing CVSS 3.1 and 4.0 is highlighted in this breakdown of key changes and challenges security professionals should be aware of in CVSS 4.0.
Risky Biz News: Norwegian government hacked with MobileIron zero-day
This week, Nucleus Security was featured in Risky.Biz News for the breakdown and interactive chart of the CISA KEV database, broken down per vulnerability category. Check it out!
CISA warns Samsung handset bugs and D-Link router flaws are being exploited in wild
Patrick Garrity speaks to SC Media about eight new vulnerabilities added to CISA’s known exploited vulnerabilities (KEV) catalog, including six now-patched security flaws that impacted Samsung mobile devices and two others that are D-Link router and access point vulnerabilities.
The Significance of CIS Control Mapping in the 2023 Verizon DBIR
Nucleus Security’s own Patrick Garrity recently published a post on Help Net Security talking about the significance of CIS Control mapping in the 2023 Verizon DBIR.
Catalin Cimpanu talks CISA KEV with Patrick Garrity from Nucleus Security
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Patrick Garrity, VP of Marketing and security researcher at Nucleus Security, on how the company has been tapping into CISA’s KEV database for insights on vulnerability management and vulnerability prioritization.
(FIC) Orange - Risk Based Vulnerability Management through Nucleus
During the FIC (International Cybersecurity Forum) conference, Adam Dudley shared how Nucleus Security and Orange Cyberdefense build a foundational asset and vulnerability inventory so you can operationalize vulnerability management at scale.
Chris Hughes Joins The Risky.Biz Pod to Talk Vulnerability Prioritization
In this episode of the Risky.Biz Podcast, Chris Hughes, Co-Founder and CISO of Aquia, discusses his experience using Nucleus for Vulnerability Prioritization and why CVSS is not enough to successfully manage your vulnerability management program.
Introducing GitHub vulnerability management integrations for security professionals
Learn about using GitHub Advanced Security alerts with vulnerability management tools. Check out the integrations and learn about how to get started.
CISA Adds ‘High-Severity’ ZK Framework Bug to Vulnerability Catalog
Nucleus’s Ryan Cribelar speaks to SC Media about CVE-2022-36537, which has a CVSS score of 7.5 and was added to the CISA KEV catalog after FOX IT reported that there were hundreds of open-facing ConnectWise R1Soft Server Backup Manager servers exploited in the wild.
Patch Your Windows PC Now to Fix 3 Zero-Day Exploits
Nucleus Security speaks about CVE-2023-23529, a WebKit Remote Code Execution flaw, rolled out in February’s Patch Tuesday.
Two Zero-Days Fixed in Patch Tuesday Can Escalate Privileges to the SYSTEM Level
Ryan Cribelar, vulnerability research engineer at Nucleus, talks with SC Media about two February additions to the CISA KEV catalog that could let attackers escalate privileges to the SYSTEM level.
Tools Alone Won't Solve Your Vuln Management Problems
In this episode of the Risky.Biz Podcast, Nucleus Security’s Scott Kuffer discusses Stakeholder-Specific Vulnerability Categorization (SSVC) and why tools alone can’t fix a dysfunctional vulnerability management program.
ChatGPT in Cybersecurity with Stephen Carter, CEO at Nucleus
Nucleus CEO, Stephen Carter, joins Mike Vizard with Techstrong.tv to talk about the impact that ChatGPT and AI technology might have on the cybersecurity industry, specifically within the world of vulnerability management.
Resilient Cyber Podcast: Challenges of Vulnerability Management
Nucleus CEO, Stephen Carter, discusses the challenges and complexity of the modern vulnerability management landscape with hosts Chris Hughes and Nikki Robinson.
CISO Tradecraft Podcast: Consolidating Vulnerability Management
Nucleus CISO, Jeff Gouge, discusses the value of consolidating vulnerability management. Jeff expands into the use of vulnerability exploitation data for prioritization and the value of taking a more modern approach to vulnerability management using SSVC (Stakeholder-Specific Vulnerability Categorization).
Stop Trying to Patch Everything and Focus on the Real Organizational Risk
In this post, we chatted with our partners at Orange Cyberdefense about how a risk-based approach to vulnerability management can help businesses determine where they should focus to repair and fix vulnerabilities.
Unsupervised Learning Podcast feat. Scott Kuffer
In this podcast interview, Scott Kuffer, COO and Co-Founder at Nucleus, has a conversation about approaching vulnerability management at scale with Daniel Miessler of the Unsupervised Learning podcast.
Avoid Being Blindsided by CISA’s Known Exploited Vulnerabilities List
Dave Farquhar, Solutions Architect at Nucleus, shares three ways to predict items that are likely candidates to make it onto the CISA KEV list.
Nucleus Security CISA KEV Enrichment Dashboard provides insights into vulnerability prioritization
Nucleus Security launches the CISA KEV Enrichment Dashboard, a free tool that enables vulnerability researchers to observe known and exploitable vulnerabilities identified by CISA and layer additional enrichment intelligence onto their vulnerability prioritization.
OpenSSL Releases Fixes for Two ‘High’ Severity Vulnerabilities
Nucleus Security’s Ryan Cribelar cast doubts on the severity of the vulnerabilities CVE-2022-3786 and CVE-2022-3602, which were listed as “high” by OpenSSL in late October 2022.
How Financial Services Can Better Secure Their CI/CD Pipelines
Gil Azaria, Director of APAC Operations at Nucleus Security, shares insights into the challenges that financial services face when securing their CI/CD pipelines, including competing priorities.
Nucleus Security Releases Free CISA KEV Enrichment Dashboard and Research, Providing Further Insight Into Vulnerability Prioritization
Nucleus Security launches the CISA KEV Enrichment Dashboard, a free tool that enables vulnerability researchers to quickly observe known and exploitable vulnerabilities identified by CISA and layer additional enrichment intelligence onto their vulnerability prioritization.
Nucleus Wins 2 CyberScoop 50 Awards
Scott Kuffer and NucleusGov win two awards at the CyberScoop 50 awards – an award that spotlights initiatives, new technologies, or novel approaches that promise to improve how governments, industries or the public at large approach cybersecurity.
Risky Business Episode #679 feat. Steve Carter
In this episode of Risky.Biz, our CEO and Co-Founder Steve Carter chats about CISA’s KEV list, including his mostly positive feelings, but also his reasonable gripes.
Frontline Stories: Discussing the Impact of CISA KEV with Nucleus Security
Our Co-Founder and CEO, Stephen Carter, sat down with Kerry Matre, host of The Mandiant Defender’s Advantage Podcast, to discuss how vuln management has evolved over time and how CISA’s Known Exploited Vulnerabilities list helps U.S. civilian agencies and organizations globally.
Top Cybersecurity Startups to Watch in 2022
Nucleus is included as one of the top 60 cybersecurity startups to watch in 2022 based on innovation in new and emerging technologies, length of operation, early funding rounds, scalability, and more.
CISA Adds Apple Zero-Day, Cisco and Gigabyte Bugs to Exploited Vulnerabilities List
Ryan Cribelar, vulnerability research engineer at Nucleus Security, speaks to The Record by Recorded Future about several new vulnerabilities added to the CISA KEV list, including a zero-day vulnerability affecting all iPhone 8 and later models as well as several iPad models.
Top 3 Tips to Identify Quality Vulnerability Intelligence
Dave Farquhar, Solutions Architect at Nucleus, shares the three attributes of quality vulnerability intelligence, along with the key differentiating factors to consider when looking at vulnerability intelligence tools.
Fortinet authentication bypass flaw exploited in the wild; security experts call patching critical
David Farquhar, solutions architect at Nucleus Security, spoke to SC Media about the Fortinet products impacted by the CISA KEV CVE-2022-40684 exploit.
CISA adds Zoho Manage Engine vulnerability to KEV catalog
In this feature, Ryan Cribelar, vulnerability research engineer at Nucleus, explains how the Zoho ManageEngine vulnerability discovered earlier in September was elevated and uploaded to the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog.
A Cautionary Tale: Sharing Your Riskiest Insider Threats Is a Culture Killer
The 2022 Cost of Insider Threat Global Report from Ponemon Institute states a clear problem: “Insider threats have increased in both frequency and cost over the past two years.” In this article for CPO Magazine, Nucleus’s Ryan Cribelar speaks about the culture impact that potentially comes from sharing insider threats.
Google Chrome, D-Link bugs among twelve added to CISA’s list of known exploited vulnerabilities
Ryan Cribelar, vulnerability research engineer at Nucleus Security, spoke to The Record about CVE-2022-3075, a wide-reaching vulnerability added to the CISA KEV list in September 2022.
SecurityGuyTV | Scanning Is Only the First Step in Vulnerability Management
Scott Kuffer, Co-Founder and COO of Nucleus Security, joins Chuck Harold at SecurityGuyTV.com live from Black Hat USA 2022 to talk about how scanning is only step one in the vulnerability management process.
Nucleus Security Named in Two 2022 Gartner® Hype Cycle™ Reports
Nucleus Security, a leader in risk-based vulnerability management and process automation, is pleased to be included as a Sample Vendor in two recent Gartner Hype Cycles: Hype Cycle for Security Operations, 2022 and Hype Cycle for Application Security, 2022.
RSAC Insights: Why Vulnerability Management Absolutely Must Shift to a Risk-Assessment Approach
In this episode of The Last Watchdog podcast, listen to Scott Kuffer and Byron Acohido discuss the importance for organizations to take a risk-based assessment lens to vulnerability management.
Media Assets
Please use the links below to download Nucleus Security’s branded assets, including brand guidelines, official brand logos, and headshots and bios of our Nucleus Co-Founders, Steve Carter (CEO) and Scott Kuffer (COO). For questions, interviews, or more press assets, please contact marketing@nucleussec.com.