vulnerability disclosure

Keeping on top of ICS-focused hacking groups, defenses

How many hacking groups are focusing on ICS systems? Dragos security researchers say at least five were active in 2017. “While only one has demonstrated an apparent …

Still relying solely on CVE and NVD for vulnerability tracking? Bad idea

2017 broke the previous all-time record for the highest number of reported vulnerabilities. The 20,832 vulnerabilities cataloged during 2017 by Risk Based Security (VulnDB) …

A five-year analysis of reported Windows vulnerabilities

Based on analysis of all disclosed Microsoft vulnerabilities in 2017, a new Avecto report shows a significant rise in the number of reported vulnerabilities. Last year, 685 …

Google wants bug hunters to probe popular Android apps for bugs

Google has started another bug bounty initiative: the Google Play Security Reward Program. While the name of the program might suggest that bug hunters will be after …

Unpatched SQLi vulnerability in SmartVista e-commerce suite

Companies using SmartVista, the popular e-commerce/payment management product suite developed by Swiss company BPC Banking Technologies, are urged to limit access to its …

The Internet Bug Bounty offers rewards for bugs in data processing libraries

The Internet Bug Bounty (IBB), a project aimed at finding and fixing vulnerabilities in core internet infrastructure and free open source software, has announced that it will …

Drone maker DJI launches bug bounty program

Chinese consumer drone maker DJI has announced that it’s starting a bug bounty program and has invited researchers to discover and responsibly disclose issues that could …

Google Chrome remote code execution flaw detailed, PoC released

Vulnerability broker Beyond Security has released details about and Proof of Concept code for a remote code execution bug affecting Google Chrome. “The [type confusion] …

US DOJ publishes guidelines for setting up a vulnerability disclosure program

Instituting a vulnerability disclosure program (aka bug bounty program) that won’t blow up in the organization’s face can be a daunting task. Some will prefer to …

Security vulnerabilities in radiation monitoring devices

IOActive researcher Ruben Santamarta has uncovered a number of cybersecurity vulnerabilities in widely deployed Radiation Monitoring Devices (RDMs), and has presented his …

EFF offers legal advice to researchers at Black Hat, B-Sides and DEF CON

Not all security researchers have someone to talk to and ask for specific advice about the legal challenges that they could face while doing their work. If you are one of …

For timely vulnerability information, unofficial sources are a better bet

From over 12,500 disclosed Common Vulnerabilities and Exposures (CVEs), more than 75% were publicly reported online before they were published to the NIST’s centralized …
