The Cybersecurity and Infrastructure Security Agency (CISA) publishes a draft document mandating a vulnerability disclosure policy and a strategy for handling reports of security weaknesses. The US government will require each civilian agency to create a public policy for software-vulnerability disclosure, as well as a strategy for handling any potential security weaknesses reported by researchers.
In the past, outing nation-state cyber espionage groups caused a few to close up shop, but nowadays actors are more likely to switch to new infrastructure and continue operations. When cybersecurity services firm Mandiant released its APT 1 report in 2013, the Chinese group immediately shut down, and the command-and-control servers that had been used
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database

CVE-2019-15032 PUBLISHED: 2019-09-19
Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information.

CVE-2019-15033 PUBLISHED: 2019-09-19
Pydio