Collaborate Disseminate
The National Vulnerability Database has ceased some of its work, but some experts fear the formation of a consortium to address its problems lacks sufficient urgency.
The post Plan to resuscitate beleaguered vulnerability database draws criticism appeared first on CyberScoop.
Continue reading Plan to resuscitate beleaguered vulnerability database draws criticism
Nearly all commercially available computers are vulnerable to a flaw in the process used to display a logo upon start-up.
The post LogoFAIL vulnerabilities impact vast majority of devices appeared first on CyberScoop.
Continue reading LogoFAIL vulnerabilities impact vast majority of devices
Researchers say Digital Communications Technologies has not addressed a bug impacting its Syrus4 IoT gateway, leaving open the possibility for vehicle fleets to be shut down.
The post Dangerous vulnerability in fleet management software seemingly ignored by vendor appeared first on CyberScoop.
Continue reading Dangerous vulnerability in fleet management software seemingly ignored by vendor
In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in cybersecurity. Zhang explores the intricate balancing act that researchers must p… Continue reading Vulnerability disclosure: Legal risks and ethical considerations for researchers
Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. The risk arises from “ha… Continue reading Open-source vulnerability disclosure: Exploitable weak spots
The flaw in the widely used open source software package was expected to be the next great catastrophe in computer security.
The post Long-awaited curl vulnerability flops appeared first on CyberScoop.
If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library. About CVE-2023-43641 Discovered b… Continue reading GNOME users at risk of RCE attack (CVE-2023-43641)
Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead devel… Continue reading Be prepared to patch high-severity vulnerability in curl and libcurl
Six zero-days in Exim, the most widely used mail transfer agent (MTA), have been revealed by Trend Micro’s Zero Day Initiative (ZDI) last Wednesday. Due to what seems to be insufficient information and poor communication, fixes for only three of … Continue reading Critical zero-days in Exim revealed, only 3 have been fixed
There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the benefi… Continue reading How EU lawmakers can make mandatory vulnerability disclosure responsible