Funding uncertainty may spell the end of MITRE’s CVE program

The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal funding that helps them maintain it. But others have been waiting in the wings …

Is Ivanti the problem or a symptom of a systemic issue with network devices?

Network edge devices — hardware that powers firewalls, VPNs and network routers — have quickly moved up the list of attackers’ preferred intrusion points into enterprise networks. While dozens of companies make and sell these devices, customers of one company in particular — Ivanti — have confronted exploited vulnerabilities in their products more than any […]

The post Is Ivanti the problem or a symptom of a systemic issue with network devices? appeared first on CyberScoop.

Voluntary ‘Pall Mall Process’ seeks to curb spyware abuses

The 21 signatories support a number of steps, such as banning vendors who behave illegally, in a document agreed to last week in Paris.

The post Voluntary ‘Pall Mall Process’ seeks to curb spyware abuses appeared first on CyberScoop.

Researchers raise alarm about critical Next.js vulnerability

The software defect in the widely used open-source JavaScript framework allows attackers to bypass middleware-based authorization.

The post Researchers raise alarm about critical Next.js vulnerability appeared first on CyberScoop.

House passes bill requiring federal contractors to have vulnerability disclosure policies

The legislation to make contractors implement VDPs aligned with NIST guidelines is aimed at protecting Americans’ data, co-sponsor Rep. Nancy Mace says.

The post House passes bill requiring federal contractors to have vulnerability disclosure policies appeared first on CyberScoop.

Bill requiring federal contractors to have vulnerability disclosure policies gets House redo

Reps. Nancy Mace and Shontel Brown reintroduced VDP legislation after the 2024 bipartisan, bicameral bill didn’t get a full Senate vote.

The post Bill requiring federal contractors to have vulnerability disclosure policies gets House redo appeared first on CyberScoop.

Vulnerability disclosure policy bill for federal contractors clears Senate panel

The Homeland Security and Governmental Affairs Committee on Wednesday also advanced legislation to strengthen the federal IT supply chain.

The post Vulnerability disclosure policy bill for federal contractors clears Senate panel appeared first on CyberScoop.

Android warns of Qualcomm exploit in latest security bulletin

The November security bulletin includes two CVEs reportedly exploited in the wild.

The post Android warns of Qualcomm exploit in latest security bulletin appeared first on CyberScoop.

EU adopts Cyber Resilience Act to secure connected products

The EU Council has adopted the Cyber Resilience Act (CRA), a new law that aims to make consumer products with digital components safe(r) to use. CRA requirements The CRA outlines EU-wide cybersecurity standards for digital products, i.e. products that …