Security News

Businesses foresee major impact from new SEC cybersecurity disclosure rules
2024-03-01 05:00

81% of respondents say the new SEC cybersecurity disclosure ruling will substantially impact their business. The SEC's new cybersecurity rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure took effect on Dec. 15, 2023.

How to make sense of the new SEC cyber risk disclosure rules
2024-02-20 06:00

SEC's new cybersecurity risk management, strategy, governance, and incident disclosure rules, which require increased transparency around cybersecurity incidents, have been in effect since December 18, 2023. For businesses that already harbor concerns over their cybersecurity protections, visibility, and incident response preparedness, meeting the SEC's new incident reporting rules can be a serious challenge.

QNAP vulnerability disclosure ends up an utter shambles
2024-02-13 20:00

Network-attached storage specialist QNAP has disclosed and released fixes for two new vulnerabilities, one of them a zero-day discovered in early November. Unit 42's assessment, on the other hand, was the polar opposite: "These remote code execution vulnerabilities affecting IoT devices exhibit a combination of low attack complexity and critical impact, making them an irresistible target for threat actors. As a result, protecting IoT devices against such threats is an urgent task."

Fortinet's week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim
2024-02-09 14:30

The only workaround recommended by Fortinet is to disable the SSL VPN. Disabling webmode won't mitigate the vulnerability, it said. Firstly, Fortinet backtracked and said these weren't vulnerabilities at all, instead explaining that they were issued in error and were duplicates of the single vulnerability mentioned in the aforementioned October advisory - CVE-2023-34992.

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure
2024-02-08 00:55

Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.Fortinet added the two new vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 to the original advisory for the CVE-2023-34992 flaw in a very confusing update.

Court charges dev with hacking after cybersecurity issue disclosure
2024-01-20 16:17

A German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 for what it deemed was unauthorized access to external computer systems and spying on data. The programmer examined the software and found that it established a MySQL connection with a remote server belonging to Modern Solution GmbH, the management software vendor.

Apache OFBiz zero-day pummeled by exploit attempts after disclosure
2024-01-08 17:45

SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. If you use the Apache Software Foundation framework, which includes business process automation apps and other enterprise-friendly functions, you should upgrade to OFBiz version 18.12.11 immediately to patch both this and a second, equally serious hole.

Securities and Exchange Commission Cyber Disclosure Rules: How to Prepare for December Deadlines
2023-12-07 16:47

The U.S. Securities and Exchange Commission's new rules around disclosure of cybersecurity incidents go into effect on Dec. 15 for public companies with fiscal years starting on or after that date.Now, those organizations are asking what they need to alter or enhance about their disclosure procedures, incident response and existing cyber capabilities.

5 resolutions to prepare for SEC’s new cyber disclosure rules
2023-11-29 05:30

The most notable example is the US Securities and Exchange Commission's new rules on cybersecurity risk management, strategy, governance and incident disclosure. The new disclosure rules are designed to provide investors with a greater understanding of the risks a listed company faces from cyber threats and the level of controls in place to mitigate that risk.

Vulnerability disclosure: Legal risks and ethical considerations for researchers
2023-11-27 04:30

The conversation also touches on the broader ethical considerations in cybersecurity and the impact of emerging technologies on vulnerability disclosure practices and offers advice for cybersecurity professionals grappling with these critical decisions. Some might argue that in the interest of the public, public disclosure is the most ethical approach as it ensures the issue is closed as quick as possible.