Cyber-security researchers from four major universities have disclosed a new processor-based vulnerability called BranchScope similar to Spectre/Meltdown, but is immune to the fixes put in place that patch those vulnerabilities.
Hewlett Packard Enterprise has disclosed the discovery of a serious vulnerability in a previous version of its Lights-Out 3 embedded server management technology, which could be remotely exploited to trigger a DoS condition.
"Principles-based" guidance issued by the Securities and Exchange Commission (SEC) Wednesday clarifies how the commission views the disclosure responsibility of public companies that have fallen victim to a cyber-attack.
Microsoft misses Project Zero disclosure deadline. Security researchers at Google's Project Zero have publicised a flaw in Microsoft Edge before a patch has been readied.
If GDPR had been in effect during the latest Uber hack, the ride-sharing company would have faced stiffed consequences - or more promptly revealed the attack that compromised data of 57 million customers and drivers.
In Case You Missed It: Intel AMT bug; MS early disclosure spat; counter-terror expo; Kaspersky accused; Macron's DP.
Code leaked by the Shadow Brokers group has set off calls from security researchers and tech groups in the US for a national conversation about vulnerability disclosure policy.
A security researcher claims to have hacked an Amazon server and dumped the information of tens of thousands of users online. Even though several sources appear to speak for the data's legitimacy, Amazon says it's nonsense.
A new report has called for greater accountability and oversight in the way the government reports the software vulnerabilities that it discovers.
Symantec's new report has been released, showing some interesting numbers on how many companies actively fail to report breaches, but how much does transparency really matter in keeping data safe?
One mysterious hacker has blackmailed a UAE bank threatening to release the account information of some of their most important clients over Twitter.
Security consultant Gianni Gnesa has been threatened with legal action ahead of a speech at the upcoming Hack in the Box conference in Singapore.
We ask industry experts, when life and limb are at risk, is responsible disclosure of vulnerabilities enough? Or should there be mandated disclosure?
Vulnerability management firm Secunia has apologised after an undisclosed vulnerability was sent to a public emailing list.