And You Won't Have To...
Your Data Is Yours
What are CVEs?
CVE stands for Common Vulnerabilities and Exposures.
NVD stands for National Vulnerability Database.
Currently, there are over 200,000 CVE records available in the NVD.
CVEs are given a rating using the Common Vulnerability Scoring System (CVSS). The base score is composed of six metrics which can be used to calculate a severity score of 0-10. These metrics are:
Access vector – The way in which a vulnerability can be exploited (e.g., locally or remotely). Remotely ranks higher.
Attack complexity – How difficult a vulnerability is to exploit. The more difficult, the lower the score.
Authentication – How many times an attacker has to use authentication credentials to exploit the vulnerability. The higher the number, the lower the score.
Confidentiality – How much sensitive data an attacker can access after exploiting the vulnerability. The more data accessed, the higher the score.
Integrity – How much and how many files can be modified as a result of exploiting the vulnerability. The more modified, the higher the score.
Availability – How much damage exploiting the vulnerability does to the target system (e.g. reduced performance/functionality). The more damage, the higher the score.
For the most dangerous CVEs, the metric most often used is not the CVSS score but how commonly a CVE has been exploited. This is more commonly called “Out In The Wild,” which means the exploit was used before patch updates could happen. Remember, most zero-day CVEs are caught before they're ever deployed to the public.
Because there have been vulnerabilities exploited in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) now maintains a Known Exploited Vulnerabilities (KEV) catalog. The KEV catalog currently contains over 800 entries.
Why are they important?
CVEs are not malicious code created by bad actors.
CVEs are vulnerabilities within legitimate code used in any computing software. Often, CVEs occur in source code or fundamental coding blocks.
The most recent two that ranked high on the NVD scale were CVE-2023-4863 and CVE-2023-44487.
CVE-2023-4863: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
and
CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly.
While patching has been ongoing, it could take years for all the patching work to be completed.
I've got a three-workshop series in the works. AND they're totally free. We'll start with the first layer of defense... securing your home. Then we'll tackle how to shield your phone... out in the wild. Finally, learn the favorite techniques and products security experts use to shut down access to those all-important social apps.
I created the CyberSecure Squad Facebook group to bring cutting-edge business women up-to-date security info and how to protect against malicious attacks. It's a private group of seriously kickass smart entrepreneurs, ready to protect what's theirs. We'll cover AI, Web3, and even blockchain technologies in easy-to-understand everyday language.
We call the vulnerable point of attack an endpoint. We'll start with a security audit and create a strategy of recommended products and services you can tailor to your business needs. Then we'll start building a security culture in your company with bite-sized, gamified training on the latest attack trends and how to stop them, which saves time and money.
Meet Your Securista!
Oh Hello! I’m Angela "Ange Gos" Payton - The Securista. I've reverse-engineered malware and as the tech copywriter, I made tech jargon understandable for everyday people. Retiring from the Security and Response team at Symantec didn't end my cybersecurity life.
My corporate copywriting clients, top competitors of my former company, wanted less technobabble in their marketing info, anchoring and keeping me deep in cybersecurity for years.
So what is a Securista? Like a barista, I help you craft your strongest security against hackers.
Why pivot to cybersecurity, now? I watched a "cybersecurity expert" with zero threat experience provide outdated information... so outdated, I knew I needed to help entrepreneurs, like yesterday because I have a wealth of knowledge and How-To's people need.
So here we are.
Imagine keeping your family, home, AND business safe. Simply and easily.
I haz friends. I've already started inviting experts to come and talk about security trends and what's next. There may even be some history stories about how some threats were found. The group lives on Facebook, and an exclusive members-only private podcast firing up at the end of June 2023 will inform and entertain.
In the member's area, we'll have a dedicated set of lists for apps, tools, & SaaS (both Software as a Service and Security as a Service). We'll cover who's behind them and what they cover.
An ounce of prevention... yada, yada. But really, think of how cool it will feel to know the latest social phishing scams and shut them down. That's where our courses come in. Based on the Categorical Lists O'Security, we break down the how so you can decide if it'll work great for you or keep your $$. We'll also offer courses that will cover the protection protocols you'll use often.