We have identified some security vulnerabilities (CVE-2025-1731) in Zyxel USG FLEX H Series firewall appliances that allow local users with access to a Linux OS shell to escalate privileges to root.

https://security.humanativaspa.it/local-privilege-escalation-on-zyxel-usg-flex-h-series-cve-2025-1731

#Zyxel #VulnerabilityResearch #CoordinatedDisclosure
Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731) - hn security

“So we wait, this is our […]

oss-security - MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client

We Speak CVE Podcast episode 26 now available!
“CNA Onboarding Process Myths Versus Facts”
https://youtu.be/N22bsppsJSQ

#CVE #Vulnerability #VulnerabilityManagement #Cybersecurity #EOL #CoordinatedDisclosure #InformationSecurity

As they are not responding to emails, we are looking for security contacts at Atos/Unify for #coordinatedDisclosure #responsibledisclosure purposes. Please help find someone, the 2 week initial response deadline is ticking fast... #vulnerability

#coordinateddisclosure is such a pain. Vendor with PGP key on website, we send encrypted advisory. They reply they can't decrypt and ask if we exchanged keys already… *sigh* disclosure timeline is running though

Controversy after the end of the organ donation register: When must vulnerabilities be made public?

The tragedy surrounding Swisstransplant's register knows only losers. Switzerland needs a political discussion on databases with sensitive information and on the reporting procedure for security vulnerabilities.

Episode 233: Unpacking Log4Shell’s Un-coordinated Disclosure Chaos

Mark Stanislav, a Vice President at Gemini, joins Paul to talk about what went wrong with disclosure of Log4Shell, the flaw in Log4j.

The Security Ledger with Paul F. Roberts
Facebook Debuts Third-Party Vulnerability Disclosure Policy - If the social-media behemoth finds a bug in another platform's code, the project has 90 days to re... https://threatpost.com/facebook-third-party-vulnerability-disclosure-policy/158976/ #vulnerabilitydisclosurepolicy #coordinateddisclosure #publicdisclosure #vulnerabilities #thirdpartycode #websecurity #opensource #bugbounty #facebook #90days #vdp

If the social-media behemoth finds a bug in another platform's code, the project has 90 days to remediate before Facebook goes public.

Threatpost - English - Global - threatpost.com
Google Ditches Patch-Time Bug Disclosure in Favor of 90-Day Policy - Project Zero vulnerability disclosures will now happen at 90 days, even if a patch becomes availab... more: https://threatpost.com/google-ditches-patch-disclosure-90-day-policy/151626/ #vulnerabilitydisclosure #coordinateddisclosure #vulnerabilities #policychanges #projectzero #bugbounty #90days #google

Project Zero vulnerability disclosures will now happen at 90 days, even if a patch becomes available before then.

Threatpost - English - Global - threatpost.com
All versions of Openssh share a critical vulnerability, including embedded code that will never be updated https://boingboing.net/2018/08/22/eternal-defects.html #coordinateddisclosure #revengeofheartbleed #internetofshit #foreverdays #security #infosec #openssh #crypto #Post #iot

Every version of the popular Openssh program — a critical, widely used tool for secure communications — share a critical vulnerability that was present in the program’s initial 19…

Boing Boing