Archive - July 2020

Bug Bounty Radar // The latest bug bounty programs for July 2020 (31 July 2020 at 14:00 UTC)
Microsoft has the highest rate of zero-days detected in the wild, but not all is as it seems (31 July 2020 at 12:02 UTC)
Zoom fixes flaws that allowed brute-force attacks to crack private meeting passwords (30 July 2020 at 15:52 UTC)
DIY phishing kits dissected: Organizations urged to tackle the underground ecosystem that democratized cybercrime (30 July 2020 at 14:19 UTC)
Researchers exploit HTTP/2, WPA3 protocols to stage highly efficient ‘timeless timing’ attacks (30 July 2020 at 12:31 UTC)
France tops blue-chip cybersecurity maturity index (29 July 2020 at 14:30 UTC)
Ledger data breach impacts one million users, hardware wallet funds are ‘safe’ (29 July 2020 at 11:51 UTC)
WordPress plugin vulnerability exposes 80,000 sites to remote takeover (29 July 2020 at 11:19 UTC)
Promo.com data breach impacts 23 million content creators (28 July 2020 at 15:38 UTC)
Vermont amends data breach notification law with focus on biometric data protection (28 July 2020 at 14:12 UTC)
Secure by design: ClassNK updates maritime cybersecurity guidelines (28 July 2020 at 12:33 UTC)
Healthcare breach: Email hack exposes 78,000 cardiovascular patients’ data (27 July 2020 at 15:40 UTC)
New research exposes troubling gap between perceived security maturity and reality (27 July 2020 at 13:58 UTC)
FastJSON deserialization bug can trigger RCE in popular Java library (27 July 2020 at 11:10 UTC)
Bug bounty leader Clément Domingo on cybersecurity in Africa, hacking events, and chaining vulnerabilities for maximum impact (24 July 2020 at 15:05 UTC)
Spanish state railway company Adif hit by REvil ransomware attack (24 July 2020 at 12:53 UTC)
Coronavirus and cybercrime: Germany assumes EU presidency with strong focus on cybersecurity (24 July 2020 at 11:02 UTC)
Hide and replace: ‘Shadow Attacks’ can manipulate contents of signed PDF docs (23 July 2020 at 15:26 UTC)
Who is behind APT29? What we know about this nation-state cybercrime group (23 July 2020 at 12:40 UTC)
DNA testing website claims data breach at rival company GEDmatch led to phishing campaign (23 July 2020 at 11:45 UTC)
Israel and India sign cybersecurity agreement to protect against Covid-19 cyber-attacks (22 July 2020 at 15:30 UTC)
Roundcube XSS vulnerability opens the door to email account takeover (22 July 2020 at 14:12 UTC)
DeepSource breach: Code analysis firm resets user login credentials after employee GitHub account compromise (22 July 2020 at 11:44 UTC)
Zoom fixes ‘vanity URL’ security issue that left users exposed to phishing exploits (21 July 2020 at 16:02 UTC)
Maryland elderly healthcare provider hit by data breach impacting 47,000 individuals (21 July 2020 at 14:46 UTC)
Online poker operator hit by DDoS attack on opening day of WSOP event (21 July 2020 at 13:27 UTC)
Data breaches ‘decrease by a third’ in first six months of 2020 – report (20 July 2020 at 15:34 UTC)
Critical flaw in Microweber CMS leaks easy-to-crack admin passwords (20 July 2020 at 12:30 UTC)
GitHub security team finds remote code execution bug in popular Node.js changelog library (20 July 2020 at 10:39 UTC)
Django two-factor authentication plugin stored passwords in plain text (17 July 2020 at 15:28 UTC)
LibreHealth medical records app exposes sensitive patient data (17 July 2020 at 14:30 UTC)
The Pwning Machine – a new bug bounty testing environment from YesWeHack (17 July 2020 at 12:56 UTC)
Unpatched Tenda WiFi router vulnerabilities leave home networks wide open to abuse (17 July 2020 at 11:22 UTC)
Further security holes poked and plugged in Sophos XG firewalls (16 July 2020 at 16:58 UTC)
EU-US Privacy Shield data-sharing framework declared invalid by ECJ (16 July 2020 at 15:09 UTC)
Infosec pro Vandana Verma on improving diversity and helping to grow the Indian security community (16 July 2020 at 12:09 UTC)
Unsupported Magento 1 still powers more than 200,000 e-commerce sites (15 July 2020 at 15:30 UTC)
TrojanNet – a simple yet effective attack on machine learning models (15 July 2020 at 14:02 UTC)
LiveAuctioneers data breach: Millions of cracked passwords for sale, say researchers (15 July 2020 at 12:59 UTC)
Microsoft resolves ‘wormable’ DNS security vulnerability (15 July 2020 at 11:47 UTC)
Remote working during coronavirus pandemic leads to rise in cyber-attacks, say security professionals (14 July 2020 at 15:41 UTC)
Yahoo data breach victims have less than a week to join million-dollar class action settlement (14 July 2020 at 13:23 UTC)
Simplicity should underpin enterprise security in a Covid-19 world: Magda Chelly surveys the global infosec landscape (14 July 2020 at 11:17 UTC)
Ukraine arrests government database hack suspect (13 July 2020 at 14:00 UTC)
Open source community toasts efforts of EU-FOSSA 2 bug bounty program (13 July 2020 at 11:30 UTC)
Facebook offers $40k for JavaScript vulnerabilities in bug bounty program (13 July 2020 at 10:09 UTC)
Zoom.us vulnerability could trigger XSS (10 July 2020 at 15:42 UTC)
WordPress security: RCE flaw in Adning Advertising plugin exploited in the wild (10 July 2020 at 14:00 UTC)
Firefox spoofing bug row rumbles on two years after first report (10 July 2020 at 12:40 UTC)
Sony awards $10,000 bug bounty for PlayStation 4 kernel exploit (10 July 2020 at 09:52 UTC)
Slack vulnerability allowed attackers to smuggle malicious files onto victims’ devices (09 July 2020 at 14:30 UTC)
Firefox Send suspended amid concern over malware abuse (09 July 2020 at 13:15 UTC)
Egyptian bus operator Swvl hit by data breach (09 July 2020 at 12:38 UTC)
Indian police warn against fake TikTok app spreading malware via WhatsApp (09 July 2020 at 10:53 UTC)
Number of stolen credentials on cybercrime marketplaces quadruples in just two years (08 July 2020 at 16:24 UTC)
Kazakh national charged with selling corporate backdoors on cybercrime forums (08 July 2020 at 14:07 UTC)
Citrix appliance flaws add to recent spate of network security vulnerabilities (08 July 2020 at 11:48 UTC)
Strategies for combating increased cyber threats tied to coronavirus (07 July 2020 at 16:09 UTC)
Microsoft touts free malware-busting virtual machine forensics service (07 July 2020 at 15:23 UTC)
Researchers earn $2.5k bug bounty after exposing credentials in Iranian app Cafe Bazaar (07 July 2020 at 10:14 UTC)
Google Chrome 84 released next week with revived SameSite cookie changes (06 July 2020 at 15:28 UTC)
Exploit developed for critical Palo Alto authentication flaw (06 July 2020 at 14:32 UTC)
F5 customers urged to patch systems as critical BIG-IP flaw is actively exploited (06 July 2020 at 13:26 UTC)
BIG-IP: Critical flaw in F5 app delivery controller leaves 8,000 devices at risk (03 July 2020 at 15:20 UTC)
DuckDuckGo CEO clarifies favicon script use, seeks to dispel privacy worries (03 July 2020 at 14:12 UTC)
What is smishing? How to protect against text message phishing scams (03 July 2020 at 12:35 UTC)
Hole-y Guacamole: Flaws in Apache remote desktop tech exposed by new research (03 July 2020 at 11:56 UTC)
Coronavirus and cybercrime: Scammers’ shifting tactics revealed at Akamai event (02 July 2020 at 15:58 UTC)
Data breach at Canadian insurance firm exposes personal information (02 July 2020 at 15:01 UTC)
Azure DevOps account takeover hack earns $3,000 bug bounty (02 July 2020 at 14:16 UTC)
Behave! browser extension alerts users to website port scanning, DNS rebinding (02 July 2020 at 10:20 UTC)
Latest web hacking tools – Q2 2020 (01 July 2020 at 16:29 UTC)
Tails 4.8: Latest OS release addresses ‘high impact’ security issues (01 July 2020 at 15:05 UTC)
Vimeo’s Psalm security tool expanded to support taint analysis (01 July 2020 at 12:46 UTC)
App generator tool JHipster Kotlin fixes fundamental cryptographic bug (01 July 2020 at 10:55 UTC)