Microsoft Security Servicing Criteria for Windows
One of our goals in the Microsoft Security Response Center (MSRC) is to be more transparent with security researchers and our customers about the criteria we use for determining when we intend to address a reported vulnerability through a security update. Our belief is that improving transparency on...
transparencia.cisgap.com.br XSS vulnerability
Open Bug Bounty ID: OBB-670879. Affected Website: transparencia.cisgap.com.br; Open Bug Bounty Program: Create your bounty program now. It's open and free.; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
transparencia.saaejat.com.br XSS vulnerability
Open Bug Bounty ID: OBB-670152. Affected Website: transparencia.saaejat.com.br; Open Bug Bounty Program: Create your bounty program now. It's open and free.; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
transparencia.cajeme.gob.mx XSS vulnerability
Open Bug Bounty ID: OBB-660854. Affected Website: transparencia.cajeme.gob.mx; Open Bug Bounty Program: Create your bounty program now. It's open and free.; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
SpiderOak's Warrant Canary Died
BoingBoing has the story. I have never quite trusted the idea of a warrant canary. But here it seems to have worked. Presumably, if SpiderOak wanted to replace the warrant canary with a transparency report, they would have written something explaining their decision. To have it simply disappear i...
BlackHat Week is Coming Up
It’s that time of the year again and our team is packing up to go to Las Vegas. Our theme this year is DevSecOps. As companies embrace DevOps processes, adopt continuous development and continuous integration, and follow the agile methodology, it becomes obvious that the old security model o...
Consumer DNA Testing Takes a Step Towards Privacy, Transparency
A group of well-known genetic testing providers have partnered with the Future of Privacy Forum (FPF) to establish privacy guidelines for handling information about what is arguably the most personal private information there is: DNA. Consumer-grade DNA testing – i.e., services that allow folks at...
March-April 2018 test results: More insights into industry AV tests
In a previous post, in the spirit of our commitment to delivering industry-leading protection, customer choice, and transparency on the quality of our solutions, we shared insights and context into the results of AV-TEST's January-February 2018 test cycle. We released a transparency report to help...
Facebook Faces £500,000 Fine in U.K. Over Cambridge Analytica Leak
Facebook has been fined £500,000 ($664,000) in the U.K. after the country's data protection watchdog concluded that its data-sharing scandal broke the law, making it the social network's first fine over the Cambridge Analytica scandal. Yes, £500,000—that's the maximum fine allowed by the UK's Da...
transparencia.pmnf.rj.gov.br XSS vulnerability
Open Bug Bounty ID: OBB-633030. Affected Website: transparencia.pmnf.rj.gov.br; Open Bug Bounty Program: Create your bounty program now. It's open and free.; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
transparencia.quatis.rj.gov.br XSS vulnerability
Open Bug Bounty ID: OBB-632787. Affected Website: transparencia.quatis.rj.gov.br; Open Bug Bounty Program: Create your bounty program now. It's open and free.; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
Cloudflare Gets Transparent on DNS Resolver Outage
In a testament to transparency, Cloudflare has explained a 17-minute outage on its 1.1.1.1 resolver service last week: it was a glitch in its own systems, not a cyber-incident. The 1.1.1.1 service is a Domain Name System (DNS) resolver that matches up URLs (say, “cloudflare.com”) with their...
[SECURITY] Fedora 27 Update: gifsicle-1.91-1.fc27
Gifsicle is a command-line tool for creating, editing, and getting information about GIF images and animations. Some more gifsicle features: Batch mode for changing GIFs in place. Prints detailed information about GIFs, including comments. Control over interlacing, comments, looping,...
Adding transparency and context into industry AV test results
Corporate Vice President Brad Anderson recently shared his insights on how Windows Defender Advanced Threat Protection (Windows Defender ATP) evolved to achieve important quality milestones. Our Windows Defender ATP team is committed to delivering industry-leading protection, customer choice, and...
Securing Cloud-Native Applications
A conversation with Randy Bias. Last week we were able to sit down with Randy Bias — a cloud pioneer and a technology visionary who currently oversees Juniper Networks' cloud strategy. We asked Randy to share his thoughts on the security of private and public clouds and specifically cloud-nati...
Calls For Regulation Build After Facebook Privacy Fallout
As Facebook CEO Mark Zuckerberg appeared before Congress this week, politicians stressed the need for regulation to secure end users’ data privacy on social media platforms. The series of hearings on Tuesday and Wednesday gave members of Congress an opportunity to question Facebook about multiple...
Panera Bread Slammed After Sitting On Massive Data Leak For Eight Months
Panera Bread has shut down a massive data leak that revealed the information of potentially millions of customers via its website. The data was exposed for up to eight months after the company was first notified of the security threat. The incident has shed light on how organizations handle...
The GDPR is Coming: We Shed Light on What’s Still Not Working
On May 25, the biggest shake-up to Europe’s data protection laws in almost a generation will finally take effect, after years of planning. For any US organization handling data on EU citizens, including service providers, it means you could face hefty fines of up to €20m ($24.7m) or 4% of global...
Facebook Data Privacy Policies Bashed By Critics After Cambridge Analytica Incident
Facebook is in hot water after acknowledging that a consulting group – one that has worked on several high-profile political campaigns, including President Donald Trump’s – used the social media company’s platform to harvest the data of 50 million users. The company last week said that in 201...
CTFR - Get subdomains of an HTTPS website abusing Certificate Transparency logs
Do you miss the AXFR technique? This tool lets you get the subdomains of an HTTPS website in a few seconds. How does it work? CTFR uses neither a dictionary attack nor brute force; it simply abuses Certificate Transparency logs. For more information about CT logs, check...