• Skip to main content
  • Skip to footer

Commonwealth Sentinel

Cyber Security for local government, non-profits and small business

MENUMENU
  • Home
  • About Us
    • Sheri Donahue
    • Leo Haggerty
    • Careers
  • Services
    • Vulnerability and Threat Evaluation
    • Transformation Management
    • CISO Management Services
    • Incident Response Management
  • News
  • Blog
  • FAQs
  • Contact Us

Terry Davis / June 3, 2022

CVE for Cyber Security (Not the Police CVE Program)

Every industry has its buzzwords and acronyms. When I transitioned from working for the Navy to working in cyber security, I learned that many of the terms I knew meant different things in cyber than they did in DoD.
In the state of Kentucky for example, the acronym CVE stands for “Commercial Vehicle Enforcement” which is a state police program to promote safe driving, particularly for commercial vehicles. (I am a big fan of this especially after I was stuck on the side of I-64 with a blown tire two weeks ago while tractor-trailers were zooming by at 80 mph and NOT moving to the left lane…but I digress.)
However, in the cyber security arena, CVE refers to “Common Vulnerabilities and Exposures.“ But what does that mean in English?
The CVE list is a database of publicly disclosed cyber security vulnerabilities that, if not patched or otherwise fixed, may be exploited by cyber criminals to breach your network.
Most cyber security and information technology professionals are very familiar CVE alerts and may receive notifications from various organizations. For local governments, the Multi-State Information Sharing and Analysis Center (MS-ISAC) sends out email alerts with CVE notifications that may impact local governments. These MS-ISAC alerts also identify the level of threat to large, medium, and small government entities as well as large, medium, and small businesses.
The latest and most critical is CVE-2022-30190, also known as “Microsoft Support Diagnostic Tool Vulnerability”. The MS-ISAC alert indicated the threat level for all entities is HIGH.
Unfortunately, there is no patch for this vulnerability. However, there are steps that can be taken to protect your system. These are described in the alerts that IT administrators should have access to. Additionally, any system that has comprehensive cyber security protections will have EDR and other technologies implemented that can detect exploits of these vulnerabilities before damage is done.
All counties and businesses should contact their IT staff to ensure they are implementing the workarounds. Your cyber security team should already be aware of and working to protect you from this threat.
CYBER NEWS
Boston Children’s Hospital was target of cyberattack thwarted by FBI
Boston Children’s Hospital was target of cyberattack thwarted by FBI
FBI Director Christopher Wray said this week that the bureau’s cyber squad was able to stop the 2021 attempt, which he blamed on Iran-sponsored hackers, before it could damage the hospital’s IT network.
www.healthcareitnews.com • Share
Military-Made Cyberweapons Could Soon Become Available on the Dark Web, Interpol Warns
Military-Made Cyberweapons Could Soon Become Available on the Dark Web, Interpol Warns
Interpol Secretary General Jurgen Stock said he’s concerned state-developed cyberweapons will become available on the darknet in a “couple of years.”
www.nbcwashington.com • Share
US Car Giant General Motors Hit by Cyber-Attack Exposing Car Owners’ Personal Info
US Car Giant General Motors Hit by Cyber-Attack Exposing Car Owners’ Personal Info
The stuffing attack exposed customer information and allowed hackers to redeem rewards points
www.infosecurity-magazine.com • Share
Hackers Attack Zola: Wedding Accounts Lose Money From Fraudulent Purchases
Hackers Attack Zola: Wedding Accounts Lose Money From Fraudulent Purchases
Zola lacks a two-factor authentication for its users, which served as a perfect breeding ground for credential surfing attacks.
www.techtimes.com • Share
TIP OF THE WEEK
CVE Explained – The CVE list is a database of publicly disclosed cyber security vulnerabilities that, if not patched or otherwise fixed, may be exploited by cyber criminals to breach your network.
Each item on the list is given a unique identifier in the format CVE-YYYY-NNNNN where YYYY is the year and NNNNN is a unique identifier. Therefore it is much easier to identify the threat when dealing with how to address it.
These threats also provide information on the systems affected, the level of threat, and mitigation steps. These are the threats that once identified, are known to threat actors. Therefore, immediate patching or mitigation is imperative to protecting your networks.
VOCABULARY WORD
CVE (Common Vulnerabilities and Exposures): A database of publicly disclosed information security flaws shared with IT administrators, vendors, etc. to advise them of security issues to address before they are exploited.
CYBER HUMOR

Filed Under: Blog

Footer

CONTACT US

COMMONWEALTH SENTINEL

1230 US Highway 127 S
Suite #5
Frankfort KY 40601
(502) 320-9885

EMAIL US

ABOUT US

Cyber security consulting for local governments, non-profit organizations, and small businesses facing the threats of the cyber world.  At Commonwealth Sentinel, we are passionate about helping people be cyber-safe!

FOLLOW US

  • Email
  • Facebook
  • LinkedIn
  • Phone
  • Twitter
  • YouTube

Copyright © 2023 Commonwealth Sentinel

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT