vulnerability disclosure

Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773)
Red Balloon Security disclosed multiple, critical architectural vulnerabilities in the Siemens SIMATIC and SIPLUS S7-1500 Series PLC that allow for bypass of all protected …

The most frequently reported vulnerability types and severities
Bishop Fox collected and analyzed publicly disclosed reports from January to July 2022 to better understand the most frequently reported vulnerability types, the …

ConnectWise backup solutions open to RCE, patch ASAP!
ConnectWise has fixed a critical vulnerability in ConnectWise Recover and R1Soft Server Backup Manager that could allow attackers to achieve remote code exection (RCE) or …

MyOpenVDP: Open-source web application to securely disclose vulnerabilities
MyOpenVDP is a turnkey open-source solution allowing anyone to host their own vulnerability disclosure policy (VDP). Developed by YesWeHack, the web application is available …

Organizations should fear misconfigurations more than vulnerabilities
Censys launched its State of the Internet Report, a holistic view into internet risks and organizations’ exposure to them. Through careful examination of which ports, …

Rise in IoT vulnerability disclosures, up 57%
Vulnerability disclosures impacting IoT devices increased by 57% in the first half (1H) of 2022 compared to the previous six months, according to a research by Claroty. The …

Researchers disclose 56 vulnerabilities impacting thousands of OT devices
Forescout’s Vedere Labs disclosed OT:ICEFALL, 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors. This is one of the single largest …

A closer look at the SEC Cybersecurity Disclosure rule
In this Help Net Security video, James Turgal, VP of Cyber Risk, Strategy and Board Relations at Optiv, discusses the proposed new SEC Cybersecurity Disclosure rule. The …

Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)
A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. Discovered …

How to avoid headaches when publishing a CVE
You have discovered a vulnerability. Congratulations! So, what happens next? Finding a CVE (Common Vulnerabilities and Exposures) is the first step in a process which starts …

Strengthening the ability of public companies to combat cybersecurity threats
The National Association of Corporate Directors (NACD), SecurityScorecard and the Cyber Threat Alliance released a report that examines the U.S. Securities and Exchange …

The state of coordinated vulnerability disclosure policies in EU
The European Union Agency for Cybersecurity (ENISA) publishes a map of national coordinated vulnerability disclosure (CVD) policies in the EU Member States and makes …
Featured news
Sponsored
Don't miss
- Sumo Logic discloses potential breach via compromised AWS credential
- Marina Bay Sands breach exposed data of 665,000 customers
- The 3 key stages of ransomware attacks and useful indicators of compromise
- Aqua Trivy open-source security scanner now finds Kubernetes security risks
- AI-assisted coding and its impact on developers