bugs
Security Debt, or When Bugs Go Bad
Occasionally, the IT world is gripped by a resurgence of concern – sometimes a fleeting trend, other times a significant issue. Lately, the term “Security Debt” has been making the rounds across ...
0-days, n-days, too many days
A software vendor, a threat actor, and a bug bounty hunter walk into a bar. The bug bounty hunter goes “have you guys heard about this new bug I just spotted?” “Never ...
LibreOffice 7.5.6 Arrived with Over 50 Bug Fixes
LibreOffice 7.5.6, the latest and sixth update to this stable open-source office suite series, is available now with a total of 53 bug fixes. The first LibreOffice 7.5 release came in February ...
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of March 28, 2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us ...
Am I Really Vulnerable? Gut-Checking Bug Risk
Whenever a new software vulnerability hits the headlines, the tendency among cybersecurity pros, security analysts and teams is to think the worst; that the bug could have a big impact on organizations ...
NAME:WRECK DNS Bugs: What You Need to Know
For most internet users, there’s not much of a perceivable difference between the domain name they want to visit and the server that the domain queries. That’s because the Domain Name System ...
Google to Offer Advance Payments in Patch Rewards Program
Google says it plans to be more proactive in its bug and vulnerability hunting and is now offering money before patch work is completed, as opposed to after the fact. Security needs ...
Instagram 2FA Bypass, A Tale of Superlative Bug Hunting Skills & Indolent Multi-Factor Authentication
Via Tara Seals writing at the Threatpost Blog, detailing the highly competent bug hunting skill set of Laxman Muthiyah, examining - if you will - the lackadaisical 2FA data flow promulgated by ...
Infosec Problems For 2019 and Beyond: Patching, Bug Bounties and Hype
Details of a VirtualBox 0-day privilege escalation bug were disclosed on GitHub earlier this week. This was the work of independent Russian security researcher Sergey Zelenyuk, who revealed the vulnerability without ...
DREAD, The Pirate Approach
Via the inimitable Adam Shostack (author of The New School of Information Security and Threat Modeling; a leader in the Threat Modeling arena), whilst writing at his fascinating blog, comes a sterling ...