vulnerability disclosure Archives

vulnerability disclosure

The Log4j debacle showed again that public disclosure of 0-days only helps attackers

January 6, 2022

On December 9, 2021, a (now deleted) tweet linking to a 0-day proof of concept (PoC) exploit (also now deleted) for the Log4Shell vulnerability on GitHub set the internet on …

CISA launches US federal vulnerability disclosure platform

August 2, 2021

Bug hunters who want to help the US federal government secure their online assets can now source all the relevant information from a vulnerability disclosure policy (VDP) …

5G network slicing vulnerability leaves enterprises exposed to cyberattacks

March 24, 2021

AdaptiveMobile Security today publicly disclosed details of a major security flaw in the architecture of 5G network slicing and virtualized network functions. The fundamental …

2020 vulnerability disclosures on track to exceed those from 2019

February 12, 2021

2020 vulnerability disclosures are on track to exceed 2019 despite a sharp decrease of 19.2% observed earlier in the year, according to Risk Based Security. The team …

2020 to reach vulnerability disclosure levels similar to those in 2019

December 10, 2020

The number of vulnerability disclosures is back on track to reach or bypass 2019 as we head into 2021, according to Risk Based Security. The team aggregated 17,129 …

D-Link routers vulnerable to remotely exploitable root command injection flaw

December 8, 2020

The Digital Defense Vulnerability Research Team uncovered a previously undisclosed vulnerability affecting D-Link VPN routers. D-Link DSR-150, DSR-250, DSR-500 and DSR-1000AC …

Open source vulnerabilities go undetected for over four years

December 3, 2020

For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security (vulnerabilities) and …

The effectiveness of vulnerability disclosure and exploit development

November 19, 2020

New research into what happens after a new software vulnerability is discovered provides an unprecedented window into the outcomes and effectiveness of responsible …

Google discloses actively exploited Windows zero-day (CVE-2020-17087)

November 2, 2020

Google researchers have made public a Windows kernel zero day vulnerability (CVE-2020-17087) that is being exploited in the wild in tandem with a Google Chrome flaw …

Vulnerability reporting is returning to normal

August 28, 2020

Vulnerability reporting, still impacted by COVID-19, is beginning to return to normal, Risk Based Security reveals. Out of 11,121 vulnerabilities aggregated during the first …

Most ICS vulnerabilities disclosed this year can be exploited remotely

August 20, 2020

More than 70% of ICS vulnerabilities disclosed in the first half of 2020 can be exploited remotely, highlighting the importance of protecting internet-facing ICS devices and …

2019 was a record year for OSS vulnerabilities

June 9, 2020

Total vulnerabilities in OSS more than doubled in 2019 from 421 Common Vulnerabilities and Exposures (CVEs) in 2018 to 968 last year, according to a RiskSense report. Top 10 …