Archive - October 2020

Breaking the Covenant: Researcher discovers critical flaw in open source C2 framework (30 October 2020 at 16:32 UTC)
National Cybersecurity Awareness Month: Security is for life, not just October (30 October 2020 at 15:30 UTC)
Bug Bounty Radar // The latest bug bounty programs for October 2020 (30 October 2020 at 13:28 UTC)
Behind the botnet: Akamai’s Tony Lauro on tackling real-world credential stuffing attacks (30 October 2020 at 12:12 UTC)
Aetna agrees million-dollar settlement after healthcare data breaches violate HIPAA rules (29 October 2020 at 16:31 UTC)
Spoiling the ballot: Cyber issues cast cloud over US presidential election (29 October 2020 at 16:25 UTC)
US SIM swap fraudsters charged with multiple crimes (29 October 2020 at 14:02 UTC)
Semgrep: Static code analysis tool helps ‘eliminate entire classes of vulnerabilities’ (29 October 2020 at 12:06 UTC)
Winston Privacy devices vulnerable to RCE via chained exploits (28 October 2020 at 16:20 UTC)
‘Compromised credentials’ most likely vector in Trump re-election site defacement (28 October 2020 at 14:50 UTC)
Interview: the Anti-Phishing Working Group’s Peter Cassidy on finding the antidote to cybercrime (28 October 2020 at 13:27 UTC)
Data breach at Swedish security company leaks 38,000 sensitive documents (27 October 2020 at 17:40 UTC)
HTTP/3: Everything you need to know about the next-generation web protocol (27 October 2020 at 16:46 UTC)
Tech giants among those affected by breach at PDF signature software maker Nitro (27 October 2020 at 15:54 UTC)
Ruckus IoT controllers vulnerable to remote takeover via ‘trivial’ chained exploit (27 October 2020 at 13:55 UTC)
German armed forces launch security vulnerability disclosure program (27 October 2020 at 12:47 UTC)
Finnish mental health patients blackmailed after suspected data breach (26 October 2020 at 16:16 UTC)
Collaborative bug hunting ‘could be very lucrative’ – security pro Alex Chapman on the future of ethical hacking (26 October 2020 at 15:10 UTC)
Tiki Wiki authentication bypass flaw gives attackers full control of websites, intranets (26 October 2020 at 14:09 UTC)
Sophisticated botnet feasts on old vulnerability to exploit content management systems (23 October 2020 at 16:22 UTC)
Symfony-based websites open to RCE attack, research finds (23 October 2020 at 15:01 UTC)
Enter the Dojo: YesWeHack launches bug bounty exploitation environment (23 October 2020 at 13:55 UTC)
Microsoft launches machine learning cyber-attack threat matrix (23 October 2020 at 12:46 UTC)
Researchers warn over mobile browser address bar spoofing vulnerabilities (22 October 2020 at 15:46 UTC)
OpenDev’s Gerrit deployment back online after suspected admin account compromise (22 October 2020 at 14:00 UTC)
IoT Security Foundation launches vulnerability disclosure platform for smart device vendors (22 October 2020 at 11:21 UTC)
Apple provides technical steer on Face ID, Touch ID authentication for websites (21 October 2020 at 15:51 UTC)
Warnings raised after Nano Adblocker modified to slurp up user data (21 October 2020 at 14:31 UTC)
US retailer Made in Oregon confirms website data breach (21 October 2020 at 13:00 UTC)
GitHub Gist: Account takeover vulnerability patched in code-sharing web service (21 October 2020 at 12:03 UTC)
HTML-to-PDF converters open to denial-of-service, SSRF, directory traversal attacks (20 October 2020 at 14:34 UTC)
New Zealand launches data breach notification tool (20 October 2020 at 12:30 UTC)
ReNgine: Open source recon tool automates intel-gathering process for pen testers (20 October 2020 at 10:58 UTC)
Discord desktop app vulnerable to RCE via chained exploit (19 October 2020 at 15:49 UTC)
Vulnerability in WordPress plugin TI WooCommerce Wishlist could allow full site takeover (19 October 2020 at 14:45 UTC)
Linguists team up with computer scientists to spot trends on cybercrime forums (19 October 2020 at 13:33 UTC)
Paying ransomware demands could risk US sanctions, OFAC warns (16 October 2020 at 14:36 UTC)
Microsoft unveils plans for Project Zero-style Chromium research program (16 October 2020 at 13:28 UTC)
TikTok launches public bug bounty program with HackerOne (16 October 2020 at 11:13 UTC)
German police raid tech firm FinFisher over spyware allegations (15 October 2020 at 15:42 UTC)
QRadar: Popular IBM security tool open to remote code execution attacks (15 October 2020 at 12:54 UTC)
Cruise operator Carnival suffers data breach – customer information potentially exposed (15 October 2020 at 11:05 UTC)
Spreading the word: The changing role of the security evangelist in a post-Covid era (14 October 2020 at 15:21 UTC)
FIN11 uncovered: Hacking group promoted to financial cybercrime elite (14 October 2020 at 14:27 UTC)
Patch Tuesday: Microsoft remedies critical TCP/IP remote code execution bug (14 October 2020 at 11:50 UTC)
Google Chrome partitions browser HTTP cache to defend against XS-Leak attacks (13 October 2020 at 15:57 UTC)
Phishing in the Amazon: Internet shoppers urged to look out for Prime Day scams (13 October 2020 at 14:24 UTC)
GHunt OSINT tool sniffs out Google users’ account information using just their email address (13 October 2020 at 11:22 UTC)
Western governments double down efforts to curtail end-to-end encryption (12 October 2020 at 16:00 UTC)
Multiple Confluence plugins vulnerable to XSS exploits (12 October 2020 at 13:00 UTC)
Privacy Badger turns ‘local learning’ off by default following Google security warnings (09 October 2020 at 16:26 UTC)
US healthcare provider pays $5 million in 2014 data breach settlement (09 October 2020 at 15:30 UTC)
Researchers discover scores of security bugs in Apple’s stem and core (09 October 2020 at 14:28 UTC)
Fitbit allowed spyware on official app store – research (09 October 2020 at 12:45 UTC)
JWT Heartbreaker offers remedy for weak JSON web tokens (09 October 2020 at 11:05 UTC)
US seizes 92 domains used by Iran to spread ‘fake news’ (08 October 2020 at 15:30 UTC)
Data breach at Mississippi ambulance service exposes sensitive information of patients (08 October 2020 at 14:02 UTC)
DOMPurify mutation XSS bypass achieved through MathML namespace confusion (08 October 2020 at 12:03 UTC)
Vulnerabilities in HashiCorp Vault could lead to authentication bypass (08 October 2020 at 10:50 UTC)
Researchers map threat actors’ use of open source offensive security tools (07 October 2020 at 15:55 UTC)
Swiss Post releases bug bounty safe harbor wording under Creative Commons license (07 October 2020 at 12:24 UTC)
Cyber scams and ransomware booming amid Covid-19 lockdowns – Europol (06 October 2020 at 16:22 UTC)
HP Device Manager exploit gave attackers full control over thin client servers (06 October 2020 at 15:35 UTC)
Touch and go: Contactless payment security controls defeated by researchers (06 October 2020 at 14:00 UTC)
Open source security: Malicious NPM packages broadcast sensitive user data online (06 October 2020 at 11:31 UTC)
Vulmap: Aiding privilege escalation with CVE-mapping vulnerability scanner (05 October 2020 at 15:02 UTC)
Vulnerability in Facebook Android app nets $10k bug bounty (05 October 2020 at 13:56 UTC)
Sharkcop: Google Chrome extension uses machine learning to detect phishing URLs (05 October 2020 at 12:25 UTC)
Vulnerabilities in Kata containers could be chained to achieve RCE on host (02 October 2020 at 16:40 UTC)
Black Hat Asia 2020: Android vulnerability scanners tackle code obfuscation and false positives (02 October 2020 at 15:06 UTC)
Computer scientist behind Meltdown discovery prescribes biological approach to securing complex systems (02 October 2020 at 13:53 UTC)
Google launches Fuzzilli grant program to boost JS engine fuzzing research (02 October 2020 at 12:12 UTC)
Grinder Framework helps overcome Shodan false negatives and blind spots (02 October 2020 at 10:33 UTC)
Anti-cheat gaming servers for Battlefield, Medal of Honor vulnerable to remote exploitation (01 October 2020 at 16:15 UTC)
BitLocker sleep mode vulnerability can bypass Windows’ full disk encryption (01 October 2020 at 15:02 UTC)
DNS Flag Day dawns with renewed effort to avoid IP fragmentation (01 October 2020 at 14:14 UTC)
Black Hat Asia: Need for global security perspectives underlined at virtual event (01 October 2020 at 12:48 UTC)
Latest web hacking tools – Q3 2020 (01 October 2020 at 11:03 UTC)