0x05 A tale of two vulnerability databases and a Panda - Magnus Lundgren - HelSec Virtual meetup #1

― HelSec

Speaker: Magnus Lundgren - https://www.linkedin.com/in/mrmagnuslundgren/ & https://twitter.com/MagsLundgren Upcoming HelSec events: https://www.meetup.com/HelSec/ HelSec: https://helsec.fi/ (1) We have done a quantitative analysis that shows that the U.S. National Vulnerability Database (NVD) is 20 days later than China’s National Vulnerability Database (CNNVD) in average time between initial disclosure and database inclusion. (33 days for the US compared to 13 in China.) So if you want to stay on top on vulnerabilities you should look at the Chinese CNNVD web page and not the American NIST NVD. (2) BUT we discovered some exceptions to the general rule that China’s National Vulnerability Database (CNNVD) was generally more aggressive in capturing up-to-date information for software vulnerabilities than its U.S. counterpart (NVD) and a broader role for the Ministry of State Security (MSS) in vulnerability reporting than was previously known. This includes multiple examples of high-threat vulnerabilities that the CNNVD delayed publishing likely because they were being evaluated or exploited by the MSS. We also uncovered evidence of a formal vulnerability evaluation process at CNNVD in which High-threat CVEs are likely evaluated for their operational utility by the MSS before publication. Conclusion - you can see what vulnerabilities the Chinese APT groups are likely to use by monitoring the vulnerabilities that has been published in the U.S. NVD database but has not been published in the Chinese CNNVD database.

#magnus_lundgren #lundgren_magnus #mrmagnuslundgren #magslundgen #chinese_cnnvd #nist_nvd #chinese_apt #advanced_persistent_threat #helsec #virtual_meetup #meetup #infosec #tietoturva #citysec #citysec.fi #disobey #disobey.fi

Keräyksessä Tietoturva 2020-2021

Alkuperäislähde: https://www.youtube.com/watch?v=HARHTtt0srg

Sivun kuvailutiedot ovat peräisin alkuperäislähteestä (YouTube).