Disclosure News, Articles and Updates

Researchers uncover BranchScope, a new Intel processor vulnerability

Cyber-security researchers from four major universities have disclosed a new processor-based vulnerability called BranchScope, which is similar to Spectre/Meltdown but is immune to the fixes put in place to patch those vulnerabilities.

Old version of HPE Lights-Out server management contains DoS vulnerability

Hewlett Packard Enterprise has disclosed the discovery of a serious vulnerability in a previous version of its Lights-Out 3 embedded server management technology, which could be remotely exploited to trigger a DoS condition.

SEC issues cyber-security guidance disclosure

"Principles-based" guidance issued by the Securities and Exchange Commission (SEC) Wednesday clarifies how the commission views the disclosure responsibility of public companies that have fallen victim to a cyber-attack.

Google divulges vulnerability in Microsoft Edge before patch is ready

Microsoft misses Project Zero disclosure deadline. Security researchers at Google's Project Zero have publicised a flaw in Microsoft Edge before a patch has been readied.

Penalties for Uber's delayed breach notification would be huge under GDPR

If GDPR had been in effect during the latest Uber hack, the ride-sharing company would have faced stiffer consequences - or more promptly revealed the attack that compromised data of 57 million customers and drivers.

ICYMI: Intel bug; early disclosure; counter-terror expo; Kaspersky; Macron

In Case You Missed It: Intel AMT bug; MS early disclosure spat; counter-terror expo; Kaspersky accused; Macron's DP.

After NSA leaks, a renewed interest in vulnerability disclosure

Code leaked by the Shadow Brokers group has set off calls from security researchers and tech groups in the US for a national conversation about vulnerability disclosure policy.

Hacker claims to breach Amazon server, Amazon disagrees

A security researcher claims to have hacked an Amazon server and dumped the information of tens of thousands of users online. Even though several sources appear to speak for the data's legitimacy, Amazon says it's nonsense.

US gov vulnerability disclosure requires oversight, says new report

A new report has called for greater accountability and oversight in the way the government reports the software vulnerabilities that it discovers.

By the numbers: Just how important is transparency to security posture?

Symantec's new report has been released, showing some interesting numbers on how many companies actively fail to report breaches. But how much does transparency really matter in keeping data safe?

'Hacker Buba' holds UAE bank to ransom

One mysterious hacker has blackmailed a UAE bank, threatening to release the account information of some of its most important clients over Twitter.

Security expert cancels talk on back of legal threat

Security consultant Gianni Gnesa has been threatened with legal action ahead of a speech at the upcoming Hack in the Box conference in Singapore.

Is responsible disclosure responsible enough?

We ask industry experts, when life and limb are at risk, is responsible disclosure of vulnerabilities enough? Or should there be mandated disclosure?

Secunia apologises over vulnerability disclosure on mailing list

Vulnerability management firm Secunia has apologised after an undisclosed vulnerability was sent to a public emailing list.