#vulnerability-disclosure

#cybersecurity

White House releases report on securing open-source software

The White House is making progress in securing open-source software through its Open-Source Software Security Initiative (OS3I).
Open-source software is ubiquitous and used by various organizations, making it crucial to ensure its security.

Vulnerability in Cisco Smart Software Manager lets attackers change any user password

Cisco disclosed a critical vulnerability in Cisco Smart Software Manager On-Prem, allowing remote attackers to change any user's password.

Student raised security concerns in Mobile Guardian MDM weeks before cyberattack | TechCrunch

A student exposed lax security in Mobile Guardian weeks before a cyberattack that mass-wiped student devices.

A bug in an Irish government website that exposed COVID-19 vaccination records took two years to publicly disclose | TechCrunch

The Irish government fixed a vulnerability in its national COVID-19 vaccination portal two years ago.
Security researcher Aaron Costello discovered the vulnerability in December 2021.

Vulnerability disclosure policy bill for federal contractors clears Senate panel

The Federal Contractor Cybersecurity Vulnerability Reduction Act aims to establish vulnerability disclosure policies for federal contractors to enhance cybersecurity measures.

Dell hacker claims they had access to systems for nearly three weeks

The threat actor behind the recent Dell data breach accessed internal systems for weeks prior to detection by exploiting partner account registration flaws.


Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

Security flaws in Roundcube webmail could allow theft of sensitive information through malicious JavaScript.

Terra Blockchain Restarts After $4M Exploit

Terra blockchain paused operations after a reentrancy attack led to theft of over $4 million in tokens.

House panel advances measure to dissolve SEC cyber disclosure rule

A resolution was advanced to undo an SEC rule mandating prompt cybersecurity incident disclosure, sparking debate over confidentiality and vulnerability disclosure.
#rapid7

Rapid7 flames JetBrains over vulnerability disclosure

Rapid7 criticizes JetBrains for silent patching.
The dispute highlights the importance of transparency in vulnerability disclosure.

JetBrains fingers Rapid7 for customer ransomware attacks

JetBrains defends against Rapid7's claims of silent patching by emphasizing responsible vulnerability disclosure.
JetBrains criticizes Rapid7 for releasing full details and exploit code of vulnerabilities just hours after patches, resulting in customer harm.


MoD ethical hacking programme expands after initial success | Computer Weekly

The Ministry of Defence has expanded its defensive security initiative with HackerOne to include key suppliers.
The MoD's partnership with ethical hackers aims to identify and fix vulnerabilities in its systems to enhance cyber security.

ZDI shames Microsoft for coordinated vuln disclosure snafu

Microsoft patched a zero-day vulnerability reported by Trend Micro's Zero Day Initiative team without giving credit, highlighting issues with bug reporting programs.

Non-Production Endpoints as an Attack Surface in AWS

Datadog disclosed a security issue in AWS, which AWS remediated along with fixes for bypasses of the initial patch.
The research highlights the importance of securing all endpoints, including non-production ones, to prevent security breaches.

Patch now: 'Easy-to-exploit' RCE in open source Ollama

A vulnerability in Ollama allowed remote code execution, affecting over 1,000 instances. Wiz Research disclosed CVE-2024-37032, fixed in version 0.1.34.
Ollama's vulnerability stemmed from insufficient validation on the server side of its REST API, enabling attackers to trigger API endpoints for remote code execution.