Archive - August 2020

Brazil reaches towards cybersecurity maturity
31 August 2020 at 13:23 UTC

File conversion tool Zamzar springs to action to quickly resolve web security flaws in API
28 August 2020 at 15:25 UTC

Low hanging ‘Forbidden’ fruits: Post-compromise tool targets unguarded Magento flank
28 August 2020 at 13:33 UTC

‘It was quite a ride’ – Jitsi’s Emil Ivov on scaling up the video conferencing platform during a pandemic
28 August 2020 at 11:40 UTC

‘UltraRank’ cybercrime gang behind JS sniffer campaigns previously linked to Magecart
27 August 2020 at 15:34 UTC

China targeting AI tech in ‘brazen’ cyber espionage offensive
27 August 2020 at 14:10 UTC

Prototype pollution: The dangerous and underrated vulnerability impacting JavaScript applications
26 August 2020 at 14:15 UTC

New Zealand stock exchange hit by series of DDoS attacks
26 August 2020 at 11:12 UTC

Embedded security: wolfSSL can be abused to impersonate TLS 1.3 servers and manipulate communications
26 August 2020 at 10:37 UTC

Zero-day Safari browser flaw creates social engineering risk
25 August 2020 at 15:26 UTC

Online security advice fails to help users prioritize problems, report warns
25 August 2020 at 14:16 UTC

Bcrypt hashing library bug leaves Node.js applications open to brute-force attacks
25 August 2020 at 12:58 UTC

Indian train ticketing vendor RailYatri downplays data breach incident
25 August 2020 at 11:30 UTC

Indian national pleads guilty to role in Microsoft tech support scam
25 August 2020 at 10:46 UTC

Virtual shoplifting: Critical flaw found in WooCommerce extension NAB Transact
24 August 2020 at 14:10 UTC

Play framework vulnerability could lead to CSRF protection bypass
24 August 2020 at 13:07 UTC

X-Cart e-commerce platform updates software to defend against RCE vulnerability
21 August 2020 at 15:50 UTC

How do you solve a problem like REvil? Recent GandCrab arrest will have ‘no impact’ on successive ransomware campaign
21 August 2020 at 13:55 UTC

Uber security executive charged over 2016 data breach ‘cover-up’
21 August 2020 at 12:07 UTC

Gateway bug: ‘Blocked content’ responses from malware defense tools pose data exfiltration risk
20 August 2020 at 15:46 UTC

Browser fingerprinting ‘more prevalent on the web now than ever before’ – research
20 August 2020 at 13:53 UTC

Experian South Africa data breach may impact millions of residents
20 August 2020 at 12:03 UTC

Google Firebase messaging vulnerability allowed attackers to send push notifications to app users
19 August 2020 at 16:04 UTC

Mozilla extends bug bounty program to cover exploit mitigation bypass payouts
19 August 2020 at 14:14 UTC

Jenkins security release addresses critical buffer corruption bug in Jetty
19 August 2020 at 11:31 UTC

Intel Owl – OSINT tool automates the intel-gathering process using a single API
18 August 2020 at 15:38 UTC

AWS launches open source tool to protect against HTTP request smuggling attacks
18 August 2020 at 14:23 UTC

Apple security: Sophisticated Mac malware targets developers
18 August 2020 at 13:25 UTC

Canadian government services forced offline after credential stuffing attacks
18 August 2020 at 10:25 UTC

Google launches grand experiment with URL presentation in Chrome 86
17 August 2020 at 16:00 UTC

Remote code execution vulnerability exposed in popular JavaScript serialization package
17 August 2020 at 12:44 UTC

Blackbaud ransomware attack exposed donor data from two UK charities
17 August 2020 at 11:45 UTC

Mail.ru Group’s Vladimir Dubrovin: Why bug bounties should be ‘part and parcel’ of the security process
14 August 2020 at 15:28 UTC

Newly discovered APT group RedCurl offering hack-for-hire services, report warns
14 August 2020 at 14:30 UTC

Hack_Right: Dutch cybercrime prevention program comes of age
14 August 2020 at 11:00 UTC

Denial-of-Wallet attacks: How to protect against costly exploits targeting serverless setups
14 August 2020 at 09:52 UTC

FireEye launches first public bug bounty program
13 August 2020 at 15:35 UTC

Coronavirus: Fall in healthcare data breaches could be due to ‘pandemic distraction’
13 August 2020 at 14:08 UTC

TinyMCE suffers big XSS flaw
13 August 2020 at 12:33 UTC

US DoJ to shut down 300 fraudulent websites exploiting coronavirus
13 August 2020 at 11:18 UTC

California Privacy Rights Act: State poised to raise privacy bar with ‘CCPA 2.0’
12 August 2020 at 16:32 UTC

Medical records exposed in data breach at Illinois healthcare system
12 August 2020 at 15:00 UTC

Upstream attacks on open source ecosystem up 400% as criminals seek to compromise applications at scale
12 August 2020 at 13:56 UTC

Cat and mouse: Privacy advocates fight back after China tightens surveillance controls
11 August 2020 at 16:10 UTC

WordPress 5.5 rolls out with auto-updates for plugins, themes
11 August 2020 at 14:35 UTC

vBulletin zero-day vulnerability revealed, failed patch to blame
11 August 2020 at 12:37 UTC

Artificial intelligence can stop IoT-based DDoS attacks in their tracks – research
11 August 2020 at 11:02 UTC

Anatomy of a healthcare data breach dissected at Black Hat 2020
10 August 2020 at 15:52 UTC

Top hacks from Black Hat and DEF CON 2020
10 August 2020 at 14:47 UTC

Firefox 79: Latest browser release enables Enhanced Tracking Protection 2.0 by default
10 August 2020 at 12:51 UTC

Mole in your network: Out-of-band exploitation framework showcased at Black Hat 2020
07 August 2020 at 15:50 UTC

Data breach notification website Have I Been Pwned? will be open sourced – Troy Hunt
07 August 2020 at 15:01 UTC

When TLS hacks you: Security friend becomes a foe
07 August 2020 at 12:48 UTC

Black Hat 2020: xGitGuard uses AI to detect inadvertently exposed data on GitHub
07 August 2020 at 11:04 UTC

Spooler alert: A decade after Stuxnet, Windows printer component still a playground for zero-days
06 August 2020 at 19:23 UTC

Tool that turns Domain Name System into a security layer unveiled at Black Hat 2020
06 August 2020 at 16:07 UTC

US government offers $10 million reward for information on cyber interference in elections
06 August 2020 at 14:30 UTC

Black Hat USA: Open source post-exploitation framework automates silent RCE attacks on Windows devices
06 August 2020 at 13:17 UTC

British Dental Association takes systems offline following ‘sophisticated cyber-attack’
06 August 2020 at 12:52 UTC

Black Hat 2020: New HTTP request smuggling variants levied against modern web servers
06 August 2020 at 12:02 UTC

Black Hat 2020: Threagile toolkit enables code-driven threat modeling
06 August 2020 at 10:34 UTC

ATTPwn: Adversary emulation tool allows pen testers to identify security holes before attackers do
05 August 2020 at 21:56 UTC

KubiScan: Open source Kubernetes security tool showcased at Black Hat 2020
05 August 2020 at 21:04 UTC

Black Hat 2020: Web cache poisoning offers fresh ways to smash through the web stack
05 August 2020 at 20:15 UTC

How do you solve a problem like election security? Matt Blaze tackles the age-old question at Black Hat 2020
05 August 2020 at 19:46 UTC

Microsoft bug bounty payouts trebled to reach nearly $14 million in the last year
05 August 2020 at 12:10 UTC

Malware developer pleads guilty for role in point-of-sale cybercrime spree
04 August 2020 at 15:27 UTC

Microsoft and Google join industry coalition aimed at quashing open source security bugs
04 August 2020 at 14:23 UTC

Coronavirus response: Hong Kong issues warning to businesses over body temperature data collection
04 August 2020 at 13:02 UTC

Black Hat USA: Your guide to the top web hacking sessions in 2020
03 August 2020 at 16:52 UTC

Google, WiCyS, SANS join forces to launch all-female information security scholarship
03 August 2020 at 13:37 UTC

Prototype pollution bug in popular Node.js library leaves web apps open to DoS, remote shell attacks
03 August 2020 at 11:58 UTC