US DOJ publishes guidelines for setting up a vulnerability disclosure program
Instituting a vulnerability disclosure program (aka bug bounty program) that won’t blow up in the organization’s face can be a daunting task. Some will prefer to …
IOActive researcher Ruben Santamarta has uncovered a number of cybersecurity vulnerabilities in widely deployed Radiation Monitoring Devices (RMDs), and has presented his …
Not all security researchers have someone to talk to and ask for specific advice about the legal challenges that they could face while doing their work. If you are one of …
Of over 12,500 disclosed Common Vulnerabilities and Exposures (CVEs), more than 75% were publicly reported online before they were published to the NIST’s centralized …
Microsoft is full of surprises lately: first they issued patches for unsupported versions of Windows, then they publicly criticized the NSA for hoarding knowledge about …
Independent security researcher Dawid Golunski has released proof-of-concept exploit code for an unauthenticated remote code execution vulnerability in WordPress 4.6 …
If you’re using one of the many QNAP NAS devices and you haven’t yet upgraded the QTS firmware to version 4.2.4, you should do so immediately if you don’t …
It’s been an eventful couple of weeks for LastPass developers, as they’ve scrambled to fix a couple of serious flaws in the popular password manager’s …