#vulnerability-disclosure
#vulnerability-disclosure

[ follow ]

A bug in an Irish government website that exposed COVID-19 vaccination records took two years to publicly disclose | TechCrunch

Irish government fixed a vulnerability in its national COVID-19 vaccination portal two years ago

Security researcher Aaron Costello discovered the vulnerability in December 2021

Vulnerability disclosure policy bill for federal contractors clears Senate panel

The Federal Contractor Cybersecurity Vulnerability Reduction Act aims to establish vulnerability disclosure policies for federal contractors to enhance cybersecurity measures.

Dell hacker claims they had access to systems for nearly three weeks

The threat actor behind the recent Dell data breach accessed internal systems for weeks prior to detection by exploiting partner account registration flaws.

Hackers could create traffic jams thanks to flaw in traffic light controller, researcher says | TechCrunch

A security researcher found a flaw in a traffic light controller allowing remote control.

Vulnerability in Cisco Smart Software Manager lets attackers change any user password

Cisco disclosed a critical vulnerability in Cisco Smart Software Manager On-Prem, allowing remote attackers to change any user's password.

Student raised security concerns in Mobile Guardian MDM weeks before cyberattack | TechCrunch

Exposing lax security in Mobile Guardian led to mass-wiping of student devices prior to a cyberattack.

A bug in an Irish government website that exposed COVID-19 vaccination records took two years to publicly disclose | TechCrunch

Irish government fixed a vulnerability in its national COVID-19 vaccination portal two years ago

Security researcher Aaron Costello discovered the vulnerability in December 2021

Vulnerability disclosure policy bill for federal contractors clears Senate panel

The Federal Contractor Cybersecurity Vulnerability Reduction Act aims to establish vulnerability disclosure policies for federal contractors to enhance cybersecurity measures.

Dell hacker claims they had access to systems for nearly three weeks

The threat actor behind the recent Dell data breach accessed internal systems for weeks prior to detection by exploiting partner account registration flaws.

Hackers could create traffic jams thanks to flaw in traffic light controller, researcher says | TechCrunch

A security researcher found a flaw in a traffic light controller allowing remote control.

morecybersecurity

Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

Security flaws in Roundcube webmail could allow theft of sensitive information through malicious JavaScript.

Terra Blockchain Restarts After $4M Exploit

Terra blockchain paused operations after a reentrancy attack led to theft of over $4 million in tokens.

House panel advances measure to dissolve SEC cyber disclosure rule

A resolution was advanced to undo an SEC rule mandating prompt cybersecurity incident disclosure, sparking debate over confidentiality and vulnerability disclosure.

#rapid7

Rapid7 flames JetBrains over vulnerability disclosure

Rapid7 criticizes JetBrains for silent patching

Importance of transparency in vulnerability disclosure

JetBrains fingers Rapid7 for customer ransomware attacks

JetBrains defends against Rapid7's claims of silent patching by emphasizing responsible vulnerability disclosure.

JetBrains criticizes Rapid7 for releasing full details and exploit code of vulnerabilities just hours after patches, resulting in customer harm.

Rapid7 flames JetBrains over vulnerability disclosure

Rapid7 criticizes JetBrains for silent patching

Importance of transparency in vulnerability disclosure

JetBrains fingers Rapid7 for customer ransomware attacks

JetBrains defends against Rapid7's claims of silent patching by emphasizing responsible vulnerability disclosure.

JetBrains criticizes Rapid7 for releasing full details and exploit code of vulnerabilities just hours after patches, resulting in customer harm.

morerapid7

ZDI shames Microsoft for coordinated vuln disclosure snafu

Microsoft patched a zero-day exploit reported by Trend Micro's Zero Day Initiative team without giving credit, highlighting issues with bug reporting programs.

Non-Production Endpoints as an Attack Surface in AWS

Security issue disclosed on AWS by Datadog, remediated by AWS with fixes for bypasses.

Importance of securing all endpoints, including non-production, highlighted to prevent security breaches.

Patch now: 'Easy-to-exploit' RCE in open source Ollama

A vulnerability in Ollama allowed remote code execution, affecting over 1,000 instances. Wiz Research disclosed CVE-2024-37032, fixed in version 0.1.34.

Ollama's vulnerability stemmed from insufficient validation on the server side of its REST API, enabling attackers to trigger API endpoints for remote code execution.

[ Load more ]

#vulnerability-disclosure#vulnerability-disclosure

Vulnerability in Cisco Smart Software Manager lets attackers change any user password

Student raised security concerns in Mobile Guardian MDM weeks before cyberattack | TechCrunch

A bug in an Irish government website that exposed COVID-19 vaccination records took two years to publicly disclose | TechCrunch

Vulnerability disclosure policy bill for federal contractors clears Senate panel

Dell hacker claims they had access to systems for nearly three weeks

Hackers could create traffic jams thanks to flaw in traffic light controller, researcher says | TechCrunch

Vulnerability in Cisco Smart Software Manager lets attackers change any user password

Student raised security concerns in Mobile Guardian MDM weeks before cyberattack | TechCrunch

A bug in an Irish government website that exposed COVID-19 vaccination records took two years to publicly disclose | TechCrunch

Vulnerability disclosure policy bill for federal contractors clears Senate panel

Dell hacker claims they had access to systems for nearly three weeks

Hackers could create traffic jams thanks to flaw in traffic light controller, researcher says | TechCrunch

Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

Terra Blockchain Restarts After $4M Exploit

House panel advances measure to dissolve SEC cyber disclosure rule

Rapid7 flames JetBrains over vulnerability disclosure

JetBrains fingers Rapid7 for customer ransomware attacks

Rapid7 flames JetBrains over vulnerability disclosure

JetBrains fingers Rapid7 for customer ransomware attacks

ZDI shames Microsoft for coordinated vuln disclosure snafu

Non-Production Endpoints as an Attack Surface in AWS

Patch now: 'Easy-to-exploit' RCE in open source Ollama

#vulnerability-disclosure
#vulnerability-disclosure