The Hacker-Powered Security Report 2018 is the most comprehensive report on the bug bounty and vulnerability disclosure ecosystem. It contains a detailed analysis of 78,275 security vulnerability reports reported over the past year by ethical hackers through more than 1,000 programs.
This report looks exclusively...
Microsoft appears set to patch a zero-day local privilege escalation vulnerability after a researcher published proof-of-concept exploit code for the flaw. That's a relatively rare turn of events these days, owing to Microsoft's bug bounty program rules.
Apache has released an emergency fix for its Struts web application framework to patch a flaw that attackers can exploit to take full control of the application. Some incident response experts, based on the severity of breaches they've investigated, recommend dropping Struts altogether.
As the threat landscape evolves in today's networks, information security teams are scrambling to keep up. Attackers are using new and stealthy methods to infiltrate organizations and steal data, and the complexity of most environments makes it easier than ever for attackers to compromise assets and send malicious...
The head of the NSA's Cybersecurity Threat Operations Center says attackers haven't bothered targeting unclassified U.S. Defense Department networks with a zero-day exploit in 24 months. Instead, they attempt to exploit flaws within 24 hours of information of the vulnerability or exploit going public.
The annual Vulnerability Review analyzes the evolution of software security from a vulnerability perspective. Secunia Research at Flexera monitors thousands of applications, appliances and operating systems to test and verify vulnerabilities, while mapping the security threats to IT infrastructures.
Download this...
The technologies and processes that businesses deploy today are so tightly linked to their customers and markets that the
boundary between the company's internal operations and external
ecosystem (i.e., customers, markets, competitors, partners,
regulators) is rapidly disappearing. Business leaders are
...
A set of vulnerabilities in AMD chipsets that gives attackers enduring persistence on machines appears to be legitimate. But experts are questioning the motivations of the Israeli security company that found the flaws, contending it ambushed AMD to maximize attention.
The fact that Federal agencies are prime targets for the most sophisticated cyber threats is undeniable. If cyberattacks are inevitable, then robust capabilities for security investigation, threat hunting, and rapid response are essential. Government cybersecurity professionals require visibility across their silos of...
How can gaining visibility into indicators of exposure (IOEs) shrink layers of attack and more effectively contain incident? By understanding how network modelling and simulation can be used to visualize and analyze an attack surface, as well as understanding how to measure IOEs, such as vulnerability density,...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
