Archive - November 2020

US Supreme Court hears Van Buren appeal arguments in light of Computer Fraud and Abuse Act ambiguity (30 November 2020 at 16:53 UTC)
Bug Bounty Radar // The latest bug bounty programs for November 2020 (30 November 2020 at 15:39 UTC)
New Zealand Privacy Act: Updated data breach legislation comes into effect on December 1 (30 November 2020 at 13:59 UTC)
Australia’s tax office to invest in ‘selfie’ identification technology (27 November 2020 at 17:32 UTC)
VMware patches security flaws leading to RCE in SD-WAN Orchestrator (27 November 2020 at 16:11 UTC)
Drupal inherits critical file archiving library flaw (27 November 2020 at 14:20 UTC)
RCE bug in Elixir-based Paginator could expose users’ cloud assets (26 November 2020 at 15:42 UTC)
Google security researcher banned from Call of Duty: Modern Warfare after ‘reverse engineering networking code’ (26 November 2020 at 14:45 UTC)
Network hacking and ransomware fueling global cybercrime surge (26 November 2020 at 12:22 UTC)
PasswordsCon 2020: Authentication expert expresses skepticism about ‘passwordless’ future (25 November 2020 at 17:46 UTC)
Rampant CNAME misconfiguration leaves thousands of organizations open to subdomain takeover attacks – research (25 November 2020 at 14:46 UTC)
Vulnerable NPM security module allowed attackers to bypass SSRF defenses (25 November 2020 at 13:10 UTC)
Minor controversy erupts over chained iOS exploit that harvests researchers’ crash dumps (24 November 2020 at 15:58 UTC)
Data breach at UK flooring firm Headlam Group after company suffers cyber-attack (24 November 2020 at 13:30 UTC)
JARM fingerprinting tool helps network defenders identify malicious servers, malware C2 infrastructure (24 November 2020 at 12:32 UTC)
Websites that use mix of HTTP, HTTPS schemes may break under new Chrome SameSite rules (23 November 2020 at 17:48 UTC)
ImageMagick PDF-parsing flaw allowed attacker to execute shell commands via maliciously crafted image (23 November 2020 at 16:40 UTC)
Sploitus exploit search engine comes under DMCA fire, search engine page removal (23 November 2020 at 12:52 UTC)
DDoS attacks more numerous, diverse, but smaller in Q3 of 2020 (20 November 2020 at 16:47 UTC)
‘As long as people are the ones writing code, there’s going to be insecure code’ – Tommy DeVoss on his post-jail bug bounty exploits (20 November 2020 at 15:52 UTC)
CyberSeal arrests: Malware code encryption suspects apprehended in Romania (20 November 2020 at 15:21 UTC)
Two critical bugs in Apache Unomi allowed attackers to run OS commands on vulnerable servers (20 November 2020 at 13:42 UTC)
Computer Misuse Act: Most UK cybersecurity pros fear breaking the law by simply doing their jobs (19 November 2020 at 16:20 UTC)
Ethereum bumps up bug bounty payouts ahead of 2.0 release (19 November 2020 at 14:29 UTC)
OSINT: What is open source intelligence and how is it used? (19 November 2020 at 14:20 UTC)
Assault mode: PlayStation 5 launch blighted by widespread phishing attacks – report (19 November 2020 at 12:31 UTC)
Google Project Zero to form ‘crystal ball’ forecast panel to help improve vulnerability disclosure (18 November 2020 at 16:25 UTC)
Tor Project rolls out program to turbo-charge network throughput (18 November 2020 at 15:30 UTC)
Exploitation of Cisco Security Manager RCE flaws ‘imminent’ (18 November 2020 at 13:36 UTC)
Firefox introduces HTTPS-Only Mode to shield users from insecure connections (17 November 2020 at 17:33 UTC)
Origin Dollar cryptocurrency hacked to the tune of $7m less than two months after launch (17 November 2020 at 14:40 UTC)
Security luminary Bruce Schneier opens (ISC)2 conference with renewed call for public-interest technologists (17 November 2020 at 12:54 UTC)
Citrix patches RCE flaw in SD-WAN Center that could lead to network takeover (16 November 2020 at 17:15 UTC)
Experiment reveals differences in secret leak detection on Git code repositories (16 November 2020 at 15:47 UTC)
Vulnerability in Firefox for Android allowed attackers to steal cookies, local files (16 November 2020 at 14:57 UTC)
SAD DNS: Researchers pull source code as DNS cache poisoning technique deemed ‘too dangerous’ (16 November 2020 at 11:52 UTC)
Apple’s Safari browser blocks CNAME cloaking in Big Sur privacy boost (13 November 2020 at 16:52 UTC)
US mental health provider admits email breach exposed patient data (13 November 2020 at 15:58 UTC)
ethicsFIRST: Maintaining ethical behavior across the cybersecurity industry (13 November 2020 at 15:00 UTC)
Magecart group 12 decloaked thanks to unique ‘Ant and Cockroach’ skimmer (12 November 2020 at 17:31 UTC)
All Day DevOps 2020: Opaque open source supply chain a matter of life and death, attendees told (12 November 2020 at 16:25 UTC)
Source code review uncovers filtering bypass bugs in Naxsi WAF (12 November 2020 at 14:02 UTC)
Binance awards $200,000 bounty after cyber-attackers indicted in US (12 November 2020 at 12:39 UTC)
Cybersecurity skills gap narrows for the first time (11 November 2020 at 16:02 UTC)
Vulnerabilities in Ubuntu Desktop enabled root access in two simple steps (11 November 2020 at 15:02 UTC)
Silver Peak addresses three-pronged RCE exploit in Unity Orchestrator (11 November 2020 at 12:25 UTC)
‘Your connection is not private’ – One in three Android devices set to block Let’s Encrypt-certified websites in 2021 (10 November 2020 at 16:20 UTC)
Security concerns doused as PayPal brings cryptocurrency to the masses (10 November 2020 at 15:10 UTC)
Insider threat: Corrupt Microsoft testing engineer jailed over $10m gift card scam (10 November 2020 at 14:09 UTC)
Upcoming Google Chrome update will eradicate reverse tabnabbing attacks (10 November 2020 at 12:17 UTC)
Facebook pays out $25k bug bounty for chained DOM-based XSS (09 November 2020 at 17:55 UTC)
Europol campaign urges e-commerce retailers to #SellSafe this Black Friday (09 November 2020 at 16:50 UTC)
Suspected Vietnamese cyber-spies targeting dissidents in Germany (09 November 2020 at 16:00 UTC)
Data breach at Mashable leaks users’ personal information online (09 November 2020 at 12:41 UTC)
GitHub Actions platform vulnerable to code injection attacks – research (06 November 2020 at 15:01 UTC)
Capcom takes systems offline following cyber-attack (06 November 2020 at 13:32 UTC)
Cybercrime isn’t the exciting career it’s cracked up to be, say academics (06 November 2020 at 11:45 UTC)
Brave browser acts quickly to resolve Tor session confidentiality bug (05 November 2020 at 17:13 UTC)
PHP removed from Internet Bug Bounty program – but scripting language custodians were ‘never involved’ from the outset (05 November 2020 at 15:14 UTC)
Pwned: Deloitte Hacker IQ game forced offline after hack (05 November 2020 at 14:12 UTC)
Chesapeake Regional Healthcare data breach exposes 23,000 individuals’ sensitive information (04 November 2020 at 15:30 UTC)
Google to launch root store to validate web security certificates (04 November 2020 at 14:04 UTC)
Google to launch VPN inside cloud storage app (03 November 2020 at 17:30 UTC)
Security AI and automation slashes the cost of data breaches – IBM study (03 November 2020 at 16:45 UTC)
CNAs and CVEs – Can allowing vendors to assign their own vulnerability IDs actually hinder security? (03 November 2020 at 14:58 UTC)
NAT Slipstreaming hack tricks firewalls and routers (03 November 2020 at 13:23 UTC)
Healthcare security: OpenEMR fixes serious flaws that lead to command execution in patient portal (02 November 2020 at 16:34 UTC)
X-Cart customers recovering from ransomware attack that led to widespread e-commerce site outages (02 November 2020 at 15:10 UTC)
‘Triggerless’ backdoors can infect machine learning models without leaving a trace – research (02 November 2020 at 12:48 UTC)