🚨 Critical RCE vulnerability puts thousands of GeoServer instances at risk.
If exploited, attackers can execute arbitrary code remotely—jeopardizing sensitive geospatial data and infrastructure.
Stay informed. Stay protected.
#RCERisk #GeoServerVulnerability #CyberSecurityAlert #RemoteCodeExecution #VulnerabilityDisclosure #InfoSec #CyberThreats #ZeroDay #WardenShield
@sergedroz @gcve Hello, thank you for your question.
Both OVR and GCVE share the same goal: strengthening global vulnerability coordination.
However, from what I understand, GCVE is still based on individual instances that could fail without true redundancy.
Additionally, GCVE is maybe not really neutral due to its structure and affiliations.
OVR is developing a fully decentralized and resilient concept — not just for vulnerabilities, but also preparing for SBOM integration and considering upcoming legal requirements (e.g., cybersecurity regulations).
Our vision is an open, neutral, and community-based ecosystem that can survive political risks, technical outages, and grow sustainably with the global community.
Further information will follow in the next few days.
#CyberSecurity #VulnerabilityDisclosure #Decentralization #SBOM #OpenStandards #OVRFoundation #Resilience #DigitalSecurity
#CVE #OVR #GCVE #security #it #community
🛡️ Something special is coming soon.
The OVR Foundation is launching its website shortly.
We’re building an open, decentralized standard for vulnerability reporting — because global security should never rely on one country or institution.
Stay tuned and follow. A more resilient future starts here.
#CyberSecurity #OpenStandards #DecentralizedWeb #OVR #FOSS #VulnerabilityDisclosure #InfoSec #Fediverse #CVE #Mitre #Vulnerability #decentralized
Cloudflare launches free Security.txt generator to boost website security: New tool simplifies vulnerability disclosure process, aligning with industry standards for enhanced web security practices. https://ppc.land/cloudflare-launches-free-security-txt-generator-to-boost-website-security-2/?utm_source=dlvr.it&utm_medium=mastodon #Cloudflare #WebSecurity #CyberSecurity #VulnerabilityDisclosure #SecurityTXT
Killing Filecoin nodes - By Simone Monica
In January, we identified and reported a vulnerability in the Lot... https://blog.trailofbits.com/2024/11/13/killing-filecoin-nodes/ #vulnerabilitydisclosure #blockchain
Use a #Linksys Velop Pro 6E or Velop Pro 7 mesh router? Your Wi-Fi credentials have been sent plaintext to US Amazon servers for at least 7 months.
stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/
#networking #vulnerabilitydisclosure
We are still at the stage where the ISO standards body sells the document behind a paywall, and it cannot be redistributed.
#paywall #standard #infosec #vulnerability #vulnerabilitydisclosure #cvd #iso #ietf
ISO/IEC 30111:2019 Information technology — Security techniques — Vulnerability handling processes
Maybe it's time to use IETF to publish such standard and not ISO.
Out of the kernel, into the tokens - By Max Ammann and Emilio LĂłpez
Our application security team leaves no stone untur... https://blog.trailofbits.com/2024/03/08/out-of-the-kernel-into-the-tokens/ #vulnerabilitydisclosure #applicationsecurity #linux
Breaking the shared key in threshold signature schemes - By Fredrik Dahlgren
Today we are disclosing a denial-of-service vulnerability that affect... https://blog.trailofbits.com/2024/02/20/breaking-the-shared-key-in-threshold-signature-schemes/ #vulnerabilitydisclosure #cryptography
NEW CWE PODCAST —
Listen to Przemyslaw Roguski of #RedHat talk @ how Red Hat uses #CWE, especially the #SoftwareDevelopment View; why mapping to CWE root cause weaknesses is important in #VulnerabilityDisclosure; CWE in the #SoftwareDevelopmentLifecycle; & so much more!
LeftoverLocals: Listening to LLM responses through leaked GPU local memory - By Tyler Sorensen and Heidy Khlaaf
We are disclosing LeftoverLocals: a vulnerabili... https://blog.trailofbits.com/2024/01/16/leftoverlocals-listening-to-llm-responses-through-leaked-gpu-local-memory/ #vulnerabilitydisclosure #machinelearning
Billion times emptiness - By Max Ammann
Behind Ethereum’s powerful blockchain technology lies a lesser-known... https://blog.trailofbits.com/2023/12/29/billion-times-emptiness/ #vulnerabilitydisclosure #blockchain
I’m still surprised by some projects who complain about the burden to deal with security vulnerability disclosure. If a project used by many orgs has zero vulnerability documented and especially didn’t publish anything about security disclosure. There is maybe something to be fixed.
Confused by the wave of new EU cybersecurity regulations impacting the telecom sector?
Can't distinguish the obligations of the NIS2 Directive from those of NIS1? The Cyber Resilience Act (CRA) from the Critical Entity Resilience Act (CER)? And whatever happened to the European Electronic Communications Code (EECC)?
Telecom operators in the EU have to comply with all of these but the NIS2 Directive is the central one now. It ushers in by far the most substantial changes in telco cybersecurity strategy and day to day cybersecurity operations. Read more in this new HardenStance White Paper:
https://www.hardenstance.com/wp-content/uploads/2023/11/Telco-Takeaways-from-the-NIS2-Directive-FINAL.pdf
#nis2directive #incidentreporting #vulnerabilitydisclosure #threatintelligence
Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks.
The risk arises from “half-day” and “0.75-day” vulnerabilities.
https://www.helpnetsecurity.com/2023/11/09/open-source-vulnerability-disclosure-process-flaws/
50 leading lights of the cybersecurity community recently wrote an open letter to the EU cautioning against the potential risk arising with Article 11 of the new Cyber Resilience Act relating to vulnerability disclosure requirements.
In this 25 minute interview, I spoke to one of them, Bugcrowd's Founder and CTO, Casey Ellis, about what these industry leaders are worried about and the change they're lobbying for.
#vulnerability #vulnerabilitydisclosure #vulnerability_management #CyberResilienceAct
@bugcrowd@twtr.plus
@Bugcrowd
Congratulations Þorsteinn K. Ingólfsson on defending your #Master's this week, very well done 🙌 . It's great to know you are contemplating continuing to do research.
Special thanks to the co-advisers and the committee members for their insights, feedback and questions Thomas Welsh, Helmut Neukirchen, Matthias Book, and Theodor Gislason.
Thesis: The state of cybersecurity vulnerability reporting in Iceland.
Háskóli Íslands (the University of Iceland).
#háskĂłliĂslands #researchers #graduateschool #cybersecurity #infosec #VulnerabilityDisclosure
#research #academia #bugbounty
Via #BruceSchneier ±1 hour ago: "Operation Triangulation: Zero-Click iPhone Malware"
#fz_links / #VulnerabilityDisclosure #iMessage #iOS #Apple #infosec #malware
Interesting research by David Bozzini, an antropologist at the University of Fribourg, Switzerland, about the history of vulnerability disclosure, from first (ethical) hacker to modern bug bounty programs:
"My research focuses on the defense mechanism of vulnerability disclosure, which has become immensely valuable to the digital tech industry and beyond. This paper addresses the history of vulnerability disclosure and the emergence of the defensive market that has developed alongside the offensive market In fact, the defensive market for vulnerability information is a recent model of vulnerability disclosure organized in the form of bug bounties programs. Bug bounties are initiatives managed by companies or organizations looking for information on their own vulnerabilities through which they pay individuals—ethical hackers—to uncover bugs in their systems and, in turn, improve the security of their products and services. In this paper, I analyze the historical processes that have transformed models of vulnerability disclosure over the years and have given rise to a defensive market that has monetized disclosure, turned ethical hacking into labor, and made information on vulnerabilities a commodity."
https://hal.science/hal-04068476
#vulnerabilitydisclosure #bugbounty #history #research #markets
Hall of Fame fĂĽr Scherheitsforschende
"Vorbilder
Danksagungen an diejenigen, die Sicherheitslücken melden, sind insbesondere in großen US-amerikanischen Konzernen wie Google und Microsoft längst gang und gäbe. Aber auch das BSI und die Bundeswehr haben bereits eigene Webseiten mit Danksagungen; im Bereich der Medien ist das allerdings bislang eher unüblich."
#VulnerabilityDisclosure #VDP #VDPBw #Schwachstellenmanagement
