Disclosure News, Articles and Updates
Researchers uncover BranchScope, a new Intel processor vulnerability
Cyber-security researchers from four major universities have disclosed a new processor-based vulnerability called BranchScope, which is similar to Spectre/Meltdown but is immune to the fixes put in place to patch those vulnerabilities.
Old version of HPE Lights-Out server management contains DoS vulnerability
Hewlett Packard Enterprise has disclosed the discovery of a serious vulnerability in a previous version of its Lights-Out 3 embedded server management technology, which could be remotely exploited to trigger a DoS condition.
SEC issues cyber-security guidance disclosure
"Principles-based" guidance issued by the Securities and Exchange Commission (SEC) Wednesday clarifies how the commission views the disclosure responsibility of public companies that have fallen victim to a cyber-attack.
Google divulges vulnerability in Microsoft Edge before patch is ready
Microsoft misses Project Zero disclosure deadline. Security researchers at Google's Project Zero have publicised a flaw in Microsoft Edge before a patch has been readied.
Penalties for Uber's delayed breach notification would be huge under GDPR
If GDPR had been in effect during the latest Uber hack, the ride-sharing company would have faced stiffer consequences - or more promptly revealed the attack that compromised data of 57 million customers and drivers.
ICYMI: Intel bug; early disclosure; counter-terror expo; Kaspersky; Macron
In Case You Missed It: Intel AMT bug; MS early disclosure spat; counter-terror expo; Kaspersky accused; Macron's DP.
After NSA leaks, a renewed interest in vulnerability disclosure
Code leaked by the Shadow Brokers group has set off calls from security researchers and tech groups in the US for a national conversation about vulnerability disclosure policy.
Hacker claims to breach Amazon server, Amazon disagrees
A security researcher claims to have hacked an Amazon server and dumped the information of tens of thousands of users online. Even though several sources appear to speak for the data's legitimacy, Amazon says it's nonsense.
US gov vulnerability disclosure requires oversight, says new report
A new report has called for greater accountability and oversight in the way the government reports the software vulnerabilities that it discovers.
By the numbers: Just how important is transparency to security posture?
Symantec's new report has been released, showing some interesting numbers on how many companies actively fail to report breaches, but how much does transparency really matter in keeping data safe?
'Hacker Buba' holds UAE bank to ransom
One mysterious hacker has blackmailed a UAE bank, threatening to release the account information of some of its most important clients over Twitter.
Security expert cancels talk on back of legal threat
Security consultant Gianni Gnesa has been threatened with legal action ahead of a speech at the upcoming Hack in the Box conference in Singapore.
Is responsible disclosure responsible enough?
We ask industry experts, when life and limb are at risk, is responsible disclosure of vulnerabilities enough? Or should there be mandated disclosure?
Secunia apologises over vulnerability disclosure on mailing list
Vulnerability management firm Secunia has apologised after an undisclosed vulnerability was sent to a public emailing list.