Researchers disclose 56 vulnerabilities impacting thousands of OT devices
Forescout’s Vedere Labs disclosed OT:ICEFALL, 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors. This is one of the single largest …
vulnerability disclosure
A closer look at the SEC Cybersecurity Disclosure rule
In this Help Net Security video, James Turgal, VP of Cyber Risk, Strategy and Board Relations at Optiv, discusses the proposed new SEC Cybersecurity Disclosure rule. The …
Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)
A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. Discovered …
How to avoid headaches when publishing a CVE
You have discovered a vulnerability. Congratulations! So, what happens next? Finding a CVE (Common Vulnerabilities and Exposures) is the first step in a process which starts …
Strengthening the ability of public companies to combat cybersecurity threats
The National Association of Corporate Directors (NACD), SecurityScorecard and the Cyber Threat Alliance released a report that examines the U.S. Securities and Exchange …
The state of coordinated vulnerability disclosure policies in EU
The European Union Agency for Cybersecurity (ENISA) publishes a map of national coordinated vulnerability disclosure (CVD) policies in the EU Member States and makes …
ICS vulnerability disclosures surge 110% over the last four years
Industrial control system (ICS) vulnerability disclosures grew a staggering 110% over the last four years, with a 25% increase in the second half (2H) of 2021 compared to the …
28,695 vulnerabilities were disclosed in 2021 – the highest number on record
A total of 28,695 vulnerabilities were disclosed in 2021, according to a report from Risk Based Security. That total is the highest number on record, and it puts the amount of …
The Log4j debacle showed again that public disclosure of 0-days only helps attackers
On December 9, 2021, a (now deleted) tweet linking to a 0-day proof of concept (PoC) exploit (also now deleted) for the Log4Shell vulnerability on GitHub set the internet on …
CISA launches US federal vulnerability disclosure platform
Bug hunters who want to help the US federal government secure their online assets can now source all the relevant information from a vulnerability disclosure policy (VDP) …
5G network slicing vulnerability leaves enterprises exposed to cyberattacks
AdaptiveMobile Security today publicly disclosed details of a major security flaw in the architecture of 5G network slicing and virtualized network functions. The fundamental …
2020 vulnerability disclosures on track to exceed those from 2019
2020 vulnerability disclosures are on track to exceed 2019 despite a sharp decrease of 19.2% observed earlier in the year, according to Risk Based Security. The team …