disclosure Archives | CW Enterprises

Vulnerability Disclosure Programs See Signups & Payouts Surge

22nd September 2020Kelly Sheridan Staff Editor

More than $44.75 million in rewards were paid to hackers over the past year, driving total payouts beyond $100 million. Source: Dark [...]

Facebook Debuts Third-Party Vulnerability Disclosure Policy

4th September 2020Tara Seals

If the social-media behemoth finds a bug in another platform’s code, the project has 90 days to remediate before Facebook goes public. [...]

U.S. Agencies Must Adopt Vulnerability-Disclosure Policies by March 2021

2nd September 2020Lindsey O Donnell

U.S. agencies must implement vulnerability-disclosure policies by March 2021, according to a new CISA mandate. Source: Threat Post – Web Security – [...]

Hackers Exploited CVE-2020-3452 Flaw in Cisco ASA & FTD Within Hours After the Disclosure

25th July 2020GURUBARAN S

Cisco fixed a high-severity path traversal vulnerability CVE-2020-3452 with Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. The [...]

Unpatched Bugs in Oracle iPlanet Opens Door to Info-Disclosure, Injection

11th May 2020Tara Seals

CVE-2020-9315 and CVE-2020-9314 in iPlanet version 7 will not receive patches. Source: Threat Post – Web Security – Unpatched Bugs in Oracle [...]

The Long Path out of the Vulnerability Disclosure Dark Ages

28th February 2020Lily Hay Newman

Letting a company know about flaws in their products has gotten easier sine 2003—but not by much. Source: Wired – The Long [...]

Bugtraq: Local information disclosure in OpenSMTPD (CVE-2020-8793)

25th February 2020CW Enterprises

Local information disclosure in OpenSMTPD (CVE-2020-8793) Source: Security Focus – Bugtraq: Local information disclosure in OpenSMTPD (CVE-2020-8793) [...]

Bugtraq: CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability

17th February 2020CW Enterprises

CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability Source: Security Focus – Bugtraq: CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability [...]

Google's Project Zero Policy Change Mandates 90-Day Disclosure

8th January 2020Dark Reading Staff

The updated disclosure policy aims to achieve more thorough and improved patch development, Google reports. Source: Dark Reading – Threat Intelligence – [...]

Disclosure Does Little to Dissuade Cyber Spies

5th November 2019Robert Lemos Contributing Writer

In the past, outing nation-state cyber espionage groups caused a few to close up shop, but nowadays actors are more likely to switch [...]