#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Vulnerability Database | Breaking Cybersecurity News | The Hacker News

Category — Vulnerability Database
China's New Law Requires Vendors to Report Zero-Day Bugs to Government

China's New Law Requires Vendors to Report Zero-Day Bugs to Government

Jul 17, 2021
The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosure regulations that mandate software and networking vendors affected with critical flaws to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The " Regulations on the Management of Network Product Security Vulnerability " are expected to go into effect starting September 1, 2021, and aim to standardize the discovery, reporting, repair, and release of security vulnerabilities and prevent security risks. "No organization or individual may take advantage of network product security vulnerabilities to engage in activities that endanger network security, and shall not illegally collect, sell or publish information on network product security vulnerabilities," Article 4 of the regulation states. In addition to banning sales of previously unknown security weaknesses, the new rules also forbid vulnerabilities from being disclos
The Rise of the Open Bug Bounty Project

The Rise of the Open Bug Bounty Project

Feb 06, 2020
Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you. The once skyrocketing bug bounty industry seems to be not in the best shape today. While prominent security researchers are talking about a growing multitude of hurdles they experience with the leading commercial bug bounty platforms, the latter are trying to reinvent themselves as "next-generation penetration testing" or similar services. You be the judge of how successful they will be. Generous venture funds have poured many millions into rapidly spending bug bounty startups that have not replaced Managed Penetration Testing (MPT) services (as some declared). However, these startups have positively improved the price/quality ratio of pen testing services on the global market. Amid the uncertainty for the future of commercial bug bounty platforms, the not-for-profit Op
The New Effective Way to Prevent Account Takeovers

The New Effective Way to Prevent Account Takeovers

Sep 04, 2024SaaS Security / Browser Security
Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks. A new report, " Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them " argues that the browser is the primary battleground where account takeover attacks unfold and, thus, where they should be neutralized. The report also provides effective guidance for mitigating the account takeover risk.  Below are some of the key points raised in the report: The Role of the Browser in Account Takeovers According to the report, the SaaS kill chain takes advantage of the fundamental components that are contained within the browser. For account takeover, these include: Executed Web Pages - Attackers can create phishing login pages or use MiTM over legitimate web pages to harve
NIST National Vulnerability Database hacked

NIST National Vulnerability Database hacked

Mar 14, 2013
The U.S. government repository of standards based vulnerability management website National Vulnerability Database (NVD) was hacked by some unknown attacker last week. The website of NVD ( https://nvd.nist.gov/index.html ) is down since Friday due to a malware infection on two web servers, discovered on Wednesday. The main page of website reads," The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available ." According to a post available on Google+ by Kim Halavakoski , who contacted NIST Public Inquiries Office to know about the issue," On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet. NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was
cyber security

Infostealers: How Attackers Are Stealing Your Cookies and Bypassing MFA

websitePush SecuritySaaS Security / Offensive Security
Join our webinar for a live demo of infostealer tools, showcasing session cookie theft and session hijacking to compromise MFA-protected M365 accounts and downstream SaaS apps.
Expert Insights
Cybersecurity Resources