Google Project Zero security team has updated its vulnerability disclosure policy, it gives users 30 days to patch flaws before disclosing associated technical details. The Google Project Zero security team announced an update to its vulnerability disclosure policy, it could include additional 30 days to the disclosure process for some bugs to give end-us

A critical vulnerability patched recently by networking and cybersecurity solutions provider Juniper Networks could allow an attacker to remotely hijack or disrupt affected devices.The security hole, tracked as CVE-2021-0254 and affecting the Junos operating system, was discovered by Nguyễn Hoàng Thạch, aka d4rkn3ss, a researcher with Singapore-based cyberse

Google’s Project Zero cybersecurity research unit on Thursday announced that it’s making some changes to its vulnerability disclosure policies, giving users 30 days to install patches before disclosing the technical details of a flaw.Project Zero has announced three major changes to its vulnerability disclosure policy in 2021, compared to 2020. Until now, if

On Tuesday, as part of its April 2021 Security Patch Day, SAP announced the release of 14 new security notes and 5 updates to previously released notes. The only new Hot News note released with this round of patches addresses a critical vulnerability in SAP Commerce.Tracked as CVE-2021-27602 and featuring a CVSS score of 9.9, the critical security hole could

While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, we discovered another zero-day exploit we believe is linked to the same actor. We reported this new exploit to Microsoft in February and after confirmation that it is indeed a zero-day, it received the designation

An exploit is now publicly available for a remote code execution vulnerability affecting QNAP network-attached storage (NAS) devices that run the Surveillance Station video management system.The bug, specifically a memory corruption issue, was found to impact QNAP NAS devices running Surveillance Station versions 5.1.5.4.2 and 5.1.5.3.2, and was addressed in

A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge.A zero-day vulnerability is a security bug that has been publicly disclosed but has not been patched in the released version of the affected software.Today, security researcher Rajvardhan Agarw

Canada’s leading provider of laboratory diagnostic information and digital health connectivity systems today announced the launch of a new Vulnerability Disclosure Program (VDP).LifeLabs Medical Laboratory started the VDP program with the intention of strengthening cybercrime detection technology across its online tools, apps, and solutions.&ldquo

Vulnerability management may not be the sexiest topic. But, while buzzier topics are certainly important, vulnerability management may just be the key to an effective data security strategy. According to a Ponemon Institute report, 42% of nearly 2,000 surveyed IT and security workers indicated that they had suffered a data breach in the last two years that

A vulnerability residing in the “Domain Time II” network time solution can be exploited in Man-on-the-Side (MotS) attacks, cyber-security firm GRIMM warned on Tuesday.Developed by Greyware Automation Products, Inc., Domain Time II is a time synchronization software designed to help enterprises ensure accurate time across their networks. The suite of tools pr

byPaul DucklinApple has just pushed out an emergency “one-bug” security update for its mobile devices, including iPhones, iPads and Apple Watches.Even users of older iPhones and iPads who are still on the officially-supported iOS 12 version need to patch, so the versions you should be updating to are as follows:iOS 14 (recent iPhones): update to

byPaul DucklinCybercrime isn’t about just one sort of attack, one type of crook, or one method of protection!Learn more: Watch directly on YouTube if the video won’t play here.Click the on-screen Settings cog to speed up playback or show subtitles.Why not join us live next time?Don’t forget that these talks are streamed weekly on our Facebo

byPaul DucklinOpen source web programming language PHP narrowly avoided a potentially dangerous supply chain attack over the weekend.Technically, in fact, you could say that the “attack” was successful, given that imposters were apparently able to make to make the same source code change on two separate occasions:Code change in Trojanised ext/zli

The April 2021 Android security bulletin published this week by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component.Tracked as CVE-2021-0430 and affecting Android 10 and 11, the code execution vulnerability is deemed critical severity. The bug was patched as part of the

Account takeover vulnerability fraud is a type of ‘identity fraud’ where a vindictive outsider effectively accesses a client’s account credentials. By acting like the authentic user, hackers can change the details of the accounts, convey phishing emails, take monetary data or any other information that is sensitive, or utilize any of the rustled data t