vulnerability disclosure Archives

vulnerability disclosure

GitHub introduces private vulnerability reporting for open source repositories

April 27, 2023

GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners. General availability The private …

Samsung, Vivo, Google phones open to remote compromise without user interaction

March 17, 2023

Several vulnerabilities in Samsung’s Exynos chipsets may allow attackers to remotely compromise specific Samsung Galaxy, Vivo and Google Pixel mobile phones with no user …

ICS vulnerabilities: Insights from advisories, how CVEs are reported

January 30, 2023

SynSaber recently released its second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report. In this Help Net Security video, Ronnie Fabela, CTO at SynSaber, …

FortiOS flaw was exploited to compromise governmental targets (CVE-2022-42475)

January 13, 2023

A critical vulnerability in FortiOS SSL-VPN (CVE-2022-42475) that Fortinet has issued patches for in November 2022 has been exploited by attackers to compromise governmental …

Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773)

January 12, 2023

Red Balloon Security disclosed multiple, critical architectural vulnerabilities in the Siemens SIMATIC and SIPLUS S7-1500 Series PLC that allow for bypass of all protected …

The most frequently reported vulnerability types and severities

November 4, 2022

Bishop Fox collected and analyzed publicly disclosed reports from January to July 2022 to better understand the most frequently reported vulnerability types, the …

ConnectWise backup solutions open to RCE, patch ASAP!

October 31, 2022

ConnectWise has fixed a critical vulnerability in ConnectWise Recover and R1Soft Server Backup Manager that could allow attackers to achieve remote code exection (RCE) or …

MyOpenVDP: Open-source web application to securely disclose vulnerabilities

October 26, 2022

MyOpenVDP is a turnkey open-source solution allowing anyone to host their own vulnerability disclosure policy (VDP). Developed by YesWeHack, the web application is available …

Organizations should fear misconfigurations more than vulnerabilities

September 13, 2022

Censys launched its State of the Internet Report, a holistic view into internet risks and organizations’ exposure to them. Through careful examination of which ports, …

Rise in IoT vulnerability disclosures, up 57%

August 29, 2022

Vulnerability disclosures impacting IoT devices increased by 57% in the first half (1H) of 2022 compared to the previous six months, according to a research by Claroty. The …

Researchers disclose 56 vulnerabilities impacting thousands of OT devices

June 21, 2022

Forescout’s Vedere Labs disclosed OT:ICEFALL, 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors. This is one of the single largest …

A closer look at the SEC Cybersecurity Disclosure rule

June 15, 2022

In this Help Net Security video, James Turgal, VP of Cyber Risk, Strategy and Board Relations at Optiv, discusses the proposed new SEC Cybersecurity Disclosure rule. The …