Security Affairs

NOVEMBER 24, 2023

Microsoft announced this week it will pay up to $20,000 for security vulnerabilities in its Defender products. Microsoft launched its new Microsoft Defender Bounty Program with a focus on Defender products and services. The company will pay up to $20,000 for the vulnerabilities in its Defender products.

Hacking 115

Hacking Information Security 115

Krebs on Security

SEPTEMBER 20, 2021

It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks. There may be another good reason for consolidating security contact and vulnerability reporting information in one, predictable place. Image: Securitytxt.org.

Retail 298

Retail Healthcare Internet Internet 298

Malwarebytes

MARCH 8, 2024

A virtual machine (VM) is a computer program that emulates a physical computer. VMWare’s decision to offer fixes for end-of-life software is because the vulnerabilities patched in these updates are escape flaws that allow a computer program to breack of the confines of a VM and affect the host operating system.

Software 111

Software Risk Cybersecurity 111

Threatpost

JANUARY 12, 2021

Researchers informed organization of a flaw that exposed GitHub credentials through the organization’s vulnerability disclosure program.

Government 128

Government Hacking 128

Security Affairs

JULY 24, 2023

Researchers from the Qualys Threat Research Unit (TRU) have discovered a remote code execution vulnerability in OpenSSH ’s forwarded ssh-agent. The now-patched vulnerability, tracked as CVE-2023-38408 , can be exploited by a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH’s forwarded ssh-agent.

Authentication 96

Authentication Encryption Internet Internet 96

CSO Magazine

APRIL 12, 2023

Microsoft-backed OpenAI has launched a bug bounty program and is inviting the global community of security researchers, ethical hackers, and technology enthusiasts to help the company identify and address vulnerabilities in its generative artificial intelligent systems. “We

Artificial Intelligence 81

Artificial Intelligence Technology 81

Malwarebytes

APRIL 3, 2024

In April’s update for the Android operating system (OS) , Google has patched 28 vulnerabilities, one of which is rated critical for Android devices equipped with Qualcomm chips. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The Qualcomm CVE is listed as CVE-2023-28582.

Firmware 111

Firmware Software Mobile Risk 111

Malwarebytes

OCTOBER 25, 2023

VMWare has issued an update to address one out-of-bounds write and one information disclosure vulnerability in its server management software, vCenter Server. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The vulnerability has a CVSS score of 9.8

Software 104

Software Risk Cybersecurity 104

The Last Watchdog

JUNE 12, 2023

The rules or policies you put in place to make sure information privacy is maintained are typically focused on unauthorized disclosure of personal information. That’s not a data breach, that is not broken security, or a lapse of their information security program, that’s how they make money. still available for you to use.

Information Security 167

Information Security Data breaches CISO Encryption 167

SecureWorld News

JANUARY 18, 2023

Department of Defense (DoD) is turning to the private sector to bolster its cyber defenses with the launch of the third iteration of its "Hack the Pentagon" bug bounty program. The DoD is partnering with commercial firms that have experience administering Crowdsourced Vulnerability Discovery and Disclosure (CVDD) activities.

Hacking 72

Hacking Government Information Security Cybersecurity 72

Malwarebytes

OCTOBER 7, 2022

Malwarebytes welcomes and encourages independent researchers reporting vulnerabilities in our products, and has run a bug bounty program for several years. Our security team has spent the last few months modernizing the program and we thought you'd like to hear about it. What is a bug bounty program? Increased bounties.

78

78

SecureWorld News

DECEMBER 11, 2023

Securities and Exchange Commission (SEC) has implemented new cyber incident disclosure rules, requiring companies to be more transparent and timely in their communication of cybersecurity breaches and vulnerabilities. Immediately or not, Dec. 15 is now here, and the new rules will be in effect. What should companies do to prepare?

CISO 84

CISO Risk Cybersecurity CSO 84

Security Affairs

OCTOBER 1, 2022

The US Department of Defense (DoD) shared the results of the Hack US bug bounty program that took place in July. On July 4, 2022, the US Department of Defense (DoD) and HackerOne started the Hack US, a one-week bug bounty challenge, which is considered part of DoD’s vulnerability disclosure program (VDP).

Hacking 111

Hacking Artificial Intelligence Government Information Security 111

Bleeping Computer

MAY 4, 2021

US Department of Defense (DOD) officials today announced that the department's Vulnerability Disclosure Program (VDP) has been expanded to include all publicly accessible DOD websites and applications. [.].

99

99

Malwarebytes

MAY 23, 2022

Last Monday, the company released a software security update for NVIDIA GPU Display Driver to address the vulnerabilities. Let’s look at each of the vulnerabilities up-close. High-severity NVIDIA vulnerabilities. Virtual machines and (theoretically) web browsers can trigger this vulnerability. CVE-2022-28181.

Software 140

Software Accountability 140

Krebs on Security

JULY 8, 2021

The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. But Holden said that was not the case with the vulnerability on the Kaseya portal that he reported via Mandiant. As its name suggests, CVE-2015-2862 was issued in July 2015.

Software 272

Software Ransomware System Administration Authentication 272

Malwarebytes

JULY 4, 2022

The vulnerability disclosure platform HackerOne has revealed that one of their staff members had improperly accessed security reports for personal gain. The—now former—staff member approached HackerOne customers with vulnerabilities that belonged to users of the platform. Disclosure.

Internet 117

Internet Internet Software Accountability 117

Malwarebytes

OCTOBER 27, 2023

The important vulnerabilities that have been addressed in this raft of updates are: CVE-2023-40423 , a critical vulnerability in IOTextEncryptionFamily that could allow an app to execute arbitrary code with kernel privileges. CVE-2023-40413 , a vulnerability in Find My that could allow another to read sensitive location information.

Accountability 108

Accountability Authentication Passwords Risk 108

eSecurity Planet

MARCH 19, 2024

Microsoft, as usual, led the pack in quantity for Patch Tuesday this March with fixes for nearly 59 vulnerabilities including two critical flaws. Patching teams may be busy with this anticipated work, but be sure to also address the off-schedule critical vulnerabilities that affect Fortinet, QNAP, Kubernetes, and WordPress plug-ins.

Authentication 96

Authentication VPN Software DDOS 96

Centraleyes

FEBRUARY 12, 2024

In a landmark decision on July 26, 2023, the Securities and Exchange Commission (SEC) brought about a seismic shift in corporate disclosure regulations. Public companies must scrutinize their existing disclosure controls and procedures, create a solid framework for determining materiality, and get everyone involved in the disclosure process.

Cybersecurity 52

Cybersecurity Risk Government Insurance 52

Security Affairs

JULY 18, 2021

Cyberspace Administration of China (CAC) issued new vulnerability disclosure regulations that oblige experts to report zero-days to the government. ” reads the “ Regulations on the Management of Network Product Security Vulnerability ” published by CAC. .” Pierluigi Paganini.

Government 100

Government Hacking Technology Cybersecurity 100

Malwarebytes

JANUARY 12, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for the Joomla! Content Management System (CMS) to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. They are as follows: Choose a CMS that actively looks for and fixes security vulnerabilities.

Passwords 129

Passwords Firewall Marketing Authentication 129

The Last Watchdog

DECEMBER 12, 2023

Findings reveal that organizations’ most prominent threats during 2023 are vulnerabilities not covered by common disclosure processes, like CVEs, and demonstrate the risks associated with an overly reliant approach to established methods. Detectify found a total of 361,028 vulnerabilities in this sample.

Financial Services 100

Financial Services Internet Internet Banking 100

Security Affairs

SEPTEMBER 7, 2020

agencies to implement vulnerability-disclosure policies by March 2021. government’s cybersecurity agency CISA has issued a mandate that requires federal agencies to implement vulnerability-disclosure policies (VDPs) by March 2021. A new Cybersecurity and Infrastructure Security Agency (CISA) mandate requires U.S.

InfoSec 102

InfoSec Advertising Government Cybersecurity 102

SecureWorld News

DECEMBER 13, 2023

Lazarus, the notorious North Korean hacking group, has once again made headlines, this time by exploiting the Log4j vulnerability, despite it being disclosed two years ago. The Log4j vulnerability, initially disclosed in 2021, shook the cybersecurity community due to its critical nature.

Software 93

Software Malware Manufacturing Risk 93

Security Affairs

DECEMBER 23, 2021

The DHS has announced that it is expanding the ‘Hack DHS’ bug bounty program to report for Log4J impacting its systems. The Department of Homeland Security (DHS) announced that white hat hackers can now report the impact of the Log4J on its systems as part of the ‘ Hack DHS ‘ bug bounty program.

Hacking 107

Hacking Government Cybersecurity Information Security 107

Dark Reading

MAY 5, 2021

The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets.

91

91

Hacker Combat

AUGUST 23, 2022

Following what it referred to as a “ridiculous vulnerability disclosure process,” a security company has revealed the specifics of a problem with a CrowdStrike product. Following the disclosure, CrowdStrike clarified a few things.

Risk 89

Risk 89

CyberSecurity Insiders

JULY 7, 2022

Unremediated vulnerabilities are open doors that let malicious actors walk right through. Keeping track of those vulnerabilities and responding quickly and efficiently is one challenge—finding openings they might not even know about is another. The company’s CEO Lisa Xu commented: “The future of vulnerability management is risk-based.

Risk 83

Risk Penetration Testing Cybersecurity 83

Dark Reading

APRIL 7, 2021

Fortune 500 companies have improved on email security and vulnerability disclosure programs but struggle in asset management and high-risk services.

Risk 80

Risk 80

CyberSecurity Insiders

NOVEMBER 24, 2022

But the whole activity has a hidden twist in it as only ethical hackers will be rewarded under the ‘bug bounty’ program and they will receive a reward for letting the companies know about the vulnerabilities in their cyber defenses. ASD will issue rewards and will have the sole authority on making these revelations public.

Cyber Attacks 80

Cyber Attacks Insurance Data breaches Cyber threats 80

CyberSecurity Insiders

OCTOBER 5, 2021

Google has started a new initiative that will be in lines with its current bug bounty program. The internet juggernaut will announce a fund backup to developers who help identify vulnerabilities in its Secure Open Source(SOS) program.

Backups 105

Backups Software Accountability Passwords 105

Security Affairs

JANUARY 11, 2023

Microsoft Patch Tuesday security updates for January 2023 addressed a total of 98 vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; NET Core and Visual Studio Code, 3D Builder, Azure Service Fabric Container, Windows BitLocker, Windows Defender, Windows Print Spooler Components, and Microsoft Exchange Server.

Internet 98

Internet Internet Backups Hacking 98

SC Magazine

MARCH 9, 2021

Today’s columnist, Kathleen Trimble-Noble of Intel, offers insights into what makes for a good hardware-based bug bounty program. 4 in HackerOne’s 2020 list of Top 10 public bug bounty programs. Coordinated Vulnerability Disclosure ( CVD ) has become a critical aspect of security today. Intel ranked No.

Technology 64

Technology Software Manufacturing Media 64

Security Affairs

APRIL 29, 2021

An information disclosure issue in Linux Kernel allows KASLR bypass could be potentially exploited in attacks in the wild. An information disclosure flaw in the Linux kernel, tracked as CVE-2020-28588 , could allow attackers to bypass the Kernel Address Space Layout Randomization bypass (KASLR). ” continues the advisory.

Hacking 115

Hacking Information Security Malware Cybersecurity 115

CyberSecurity Insiders

MAY 8, 2023

When the cybersecurity community deals with every patch day like we dealt with school fire drills, it runs the risk of becoming numb to the severity of some of the vulnerabilities and blind to which vulnerabilities should be prioritized. Statistics show that threat actors never exploit 94 percent of the disclosed vulnerabilities.

CISO 128

CISO Media Risk Software 128

SC Magazine

APRIL 15, 2021

Not all vulnerability hunters play by the rules. The initial discussion was prompted by comments from Kari Rollins, partner at legal firm Sheppard Mullin, who noted “seeing a rise in bug bounty demands, not through your traditional structured bug bounty programs.”. Photo courtesy of HackerOne).

CSO 101

CSO Media Manufacturing Ransomware 101