Security News
Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. "Half-day" vulnerabilities are known to the maintainer and information about them is publicly exposed on GitHub or the National Vulnerability Database, but there's still no official fix.
With the help of the wallet, the user can limit the disclosure of his data to those attributes that are necessary for the provision of the service, e.g., a user's legal age or a successfully completed university degree. This selective disclosure enables an individual to share parts of a larger data set.
While the CRA doesn't demand companies forward an exploited vulnerability's full technical specifications to ENISA, it does require companies to report on a vulnerability "With details"-and these details could be more than enough to attract the attention of a savvy attacker. As the CERT Guide to Coordinated Vulnerability Disclosure puts it: "Mere knowledge of a vulnerability's existence in a feature of some product is sufficient for a skillful person to discover it for themselves."
A Russa-nexus adversary has been linked to 94 new domains, suggesting that the group is actively modifying its infrastructure in response to public disclosures about its activities. Cybersecurity...
The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules: Public companies must “disclose any cybersecurity...
As you can imagine, especially in an online world in which ransomware breaches can bring a company to a digital standstill overnight, and where even coughing up a multimillion-dollar blackmail payment to the attackers for a "Recovery program" might not be enough to get things going again. Ransomware attacks these days frequently involve cybercriminals stealing copies of your trophy data first, notably including employee and customer details, and then scrambling your copies of those very same files, thus squeezing you into a double-play cybersecurity drama.
The U.S. SEC has introduced new rules for publicly traded companies to disclose cyberattacks within four business days if they are considered significant to investors. Foreign private issuers are also required to provide equivalent disclosures. SEC Chair Gary Gensler stated that consistent and comparable disclosure would benefit both companies and investors.The rules demand listed companies to include cyberattack details in periodic report filings (8-K forms). These rules will be effective from December or 30 days after publication in the Federal Register. Smaller companies will have an additional 180 days to comply. Disclosure timelines may be delayed if immediate disclosure poses a risk to national security or public safety.
The Securities and Exchange Commission (SEC) today adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material...
Cloud software provider Blackbaud has agreed to pay $3 million to settle charges brought by the Securities and Exchange Commission, alleging that it failed to disclose the full impact of a 2020 ransomware attack that affected more than 13,000 customers. To settle the SEC's charges, Blackbaud has agreed to pay a $3 million civil penalty for failing to disclose the full scope of the cyber attack.
"The threat actor was able to capture the employee's master password as it was entered after the employee authenticated with MFA and gained access to the DevOps engineer's LastPass corporate vault," detailed the company´s recent security incident report. LastPass issued recommendations for affected users and businesses in two security bulletins.