vulnerability disclosure
The most frequently reported vulnerability types and severities
Bishop Fox collected and analyzed publicly disclosed reports from January to July 2022 to better understand the most frequently reported vulnerability types, the …
ConnectWise backup solutions open to RCE, patch ASAP!
ConnectWise has fixed a critical vulnerability in ConnectWise Recover and R1Soft Server Backup Manager that could allow attackers to achieve remote code exection (RCE) or …
MyOpenVDP: Open-source web application to securely disclose vulnerabilities
MyOpenVDP is a turnkey open-source solution allowing anyone to host their own vulnerability disclosure policy (VDP). Developed by YesWeHack, the web application is available …
Organizations should fear misconfigurations more than vulnerabilities
Censys launched its State of the Internet Report, a holistic view into internet risks and organizations’ exposure to them. Through careful examination of which ports, …
Rise in IoT vulnerability disclosures, up 57%
Vulnerability disclosures impacting IoT devices increased by 57% in the first half (1H) of 2022 compared to the previous six months, according to a research by Claroty. The …
Researchers disclose 56 vulnerabilities impacting thousands of OT devices
Forescout’s Vedere Labs disclosed OT:ICEFALL, 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors. This is one of the single largest …
A closer look at the SEC Cybersecurity Disclosure rule
In this Help Net Security video, James Turgal, VP of Cyber Risk, Strategy and Board Relations at Optiv, discusses the proposed new SEC Cybersecurity Disclosure rule. The …
Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)
A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. Discovered …
How to avoid headaches when publishing a CVE
You have discovered a vulnerability. Congratulations! So, what happens next? Finding a CVE (Common Vulnerabilities and Exposures) is the first step in a process which starts …
Strengthening the ability of public companies to combat cybersecurity threats
The National Association of Corporate Directors (NACD), SecurityScorecard and the Cyber Threat Alliance released a report that examines the U.S. Securities and Exchange …
The state of coordinated vulnerability disclosure policies in EU
The European Union Agency for Cybersecurity (ENISA) publishes a map of national coordinated vulnerability disclosure (CVD) policies in the EU Member States and makes …
ICS vulnerability disclosures surge 110% over the last four years
Industrial control system (ICS) vulnerability disclosures grew a staggering 110% over the last four years, with a 25% increase in the second half (2H) of 2021 compared to the …
Featured news
Resources
Don't miss
- Zen-AI-Pentest: Open-source AI-powered penetration testing framework
- Singapore telcos breached in China-linked cyber espionage campaign
- Microsoft tightens Windows security with app transparency and user consent
- Unpatched SolarWinds WHD instances under active attack
- How AI is reshaping attack path analysis