Good idea, bad design: How the Diamond standard falls short

TL;DR: We have reviewed the implementation of the Diamond standard contract proposal for quality improvement and cannot recommend it in its current form – but see our recommendations and guide to the quality improvement strategy for contracts. We recently revised the implementation of the Diamond standard code, a new model of scalability. It is worthwhile, …


Companies paid $4.2M bug bounties for XSS flaws in 2020 - Security Affairs

Cross-site scripting (XSS) is the most common form of vulnerability and has received the most awards on HackerOne’s vulnerability reporting platform. XSS vulnerabilities are responsible for 18% of all deficiencies reported by bug hunters; …


Western Digital Finds Replay Attack Protection Flaw Affecting Multiple Vendors

A vulnerability recently discovered by researchers at storage giant Western Digital in the Replay Protected Memory Block (RPMB) affects the products of several other major companies, including Google, Intel and MediaTek. Replay attacks generally allow hackers to perform different types of actions on behalf of a legitimate user by intercepting data and replaying it later. These attacks …


Sophisticated Chinese APT Group Targets Southeast Asian Governments

According to Bitdefender, a sophisticated advanced persistent threat (APT) group, believed to be based in China, has been secretly attacking Southeast Asian governments for the past three years. The intruder’s infrastructure still seems to be active, even though many command and control (C&C) servers are inactive. The group was supposedly government-sponsored and used many …


Top 7 Use Cases for Digital Risk Protection

Today’s businesses are undergoing an accelerated digital transformation as a result of the pandemic, fast-tracking initiatives that would normally take years in order to support remote workstations and the transition to new platforms. The external digital landscape is also growing rapidly and companies are increasingly forced to do business through non-traditional channels. …
