
vulnerability disclosure

FortiOS flaw was exploited to compromise governmental targets (CVE-2022-42475)

A critical vulnerability in FortiOS SSL-VPN (CVE-2022-42475), for which Fortinet issued patches in November 2022, has been exploited by attackers to compromise governmental …

Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773)

Red Balloon Security disclosed multiple critical architectural vulnerabilities in the Siemens SIMATIC and SIPLUS S7-1500 Series PLC that allow for bypass of all protected …

The most frequently reported vulnerability types and severities

Bishop Fox collected and analyzed publicly disclosed reports from January to July 2022 to better understand the most frequently reported vulnerability types, the …

ConnectWise backup solutions open to RCE, patch ASAP!

ConnectWise has fixed a critical vulnerability in ConnectWise Recover and R1Soft Server Backup Manager that could allow attackers to achieve remote code execution (RCE) or …

MyOpenVDP: Open-source web application to securely disclose vulnerabilities

MyOpenVDP is a turnkey open-source solution allowing anyone to host their own vulnerability disclosure policy (VDP). Developed by YesWeHack, the web application is available …

Organizations should fear misconfigurations more than vulnerabilities

Censys launched its State of the Internet Report, a holistic view into internet risks and organizations’ exposure to them. Through careful examination of which ports, …

Rise in IoT vulnerability disclosures, up 57%

Vulnerability disclosures impacting IoT devices increased by 57% in the first half (1H) of 2022 compared to the previous six months, according to research by Claroty. The …

Researchers disclose 56 vulnerabilities impacting thousands of OT devices

Forescout’s Vedere Labs disclosed OT:ICEFALL, 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors. This is one of the single largest …

A closer look at the SEC Cybersecurity Disclosure rule

In this Help Net Security video, James Turgal, VP of Cyber Risk, Strategy and Board Relations at Optiv, discusses the proposed new SEC Cybersecurity Disclosure rule. The …

Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)

A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. Discovered …

How to avoid headaches when publishing a CVE

You have discovered a vulnerability. Congratulations! So, what happens next? Finding a CVE (Common Vulnerabilities and Exposures) is the first step in a process which starts …

Strengthening the ability of public companies to combat cybersecurity threats

The National Association of Corporate Directors (NACD), SecurityScorecard and the Cyber Threat Alliance released a report that examines the U.S. Securities and Exchange …
