Archive - September 2020

Twelve years a threat: State-sponsored attackers up the ante with new Taidoor malware strain (30 September 2020 at 16:27 UTC)
Bug Bounty Radar // The latest bug bounty programs for September 2020 (30 September 2020 at 15:48 UTC)
Credential stuffing attacks: How to protect your accounts from being compromised (30 September 2020 at 12:40 UTC)
Flaw in Medium Partner Program allowed attackers to steal writers’ earnings (29 September 2020 at 14:28 UTC)
Prototype pollution vulnerability left bug bounty platform HackerOne open to attack (29 September 2020 at 13:33 UTC)
Collision avoidance: OpenSSH lays out plans to ditch aging SHA-1 hashing algorithm (29 September 2020 at 10:35 UTC)
Scouts Victoria reports data breach after employee duped by phishing campaign (28 September 2020 at 14:28 UTC)
EU cybersecurity funding initiative aims to boost threat intel, certification sectors (28 September 2020 at 12:43 UTC)
‘I’m not a fan of critical bugs’ – Santiago Lopez on his route to becoming the world’s first bug bounty millionaire (25 September 2020 at 15:35 UTC)
Multiple vulnerabilities in Pandora FMS could trigger remote execution attack (25 September 2020 at 14:15 UTC)
Gamers fragged by surge in credential stuffing attacks during lockdown (25 September 2020 at 13:05 UTC)
Portland passes landmark private sector facial recognition technology ban (24 September 2020 at 15:34 UTC)
Tiny Tiny RSS developers act promptly to resolve Big Big security problems (24 September 2020 at 13:02 UTC)
Two men arrested in connection with ‘sophisticated’ smishing campaign targeting Australian citizens (24 September 2020 at 11:03 UTC)
‘OldGremlin’ in the system: Russian-speaking ransomware group defies ‘unspoken rule’ against attacks on home soil (23 September 2020 at 16:04 UTC)
Tennessee healthcare data breach impacts 235,000 patients (23 September 2020 at 14:30 UTC)
Quantum encryption – the devil is in the implementation (23 September 2020 at 13:18 UTC)
Security researchers resolve crypto flaws in JHipster apps (23 September 2020 at 11:27 UTC)
Hundreds arrested in Europol-assisted dark web vendor takedown (22 September 2020 at 15:14 UTC)
Coronavirus pandemic supercharges security bug bounty market (22 September 2020 at 14:33 UTC)
Growing ‘cultural divide’ between DevOps and AppSec workers could lead to less secure software – report (22 September 2020 at 12:56 UTC)
Youth unemployment risks fueling Indian cybercrime boom (22 September 2020 at 12:21 UTC)
Critical stored XSS vulnerability in Instagram’s Spark AR Studio nets 14-year-old researcher $25,000 (21 September 2020 at 17:03 UTC)
Online ID verification challenges heightened by coronavirus social distancing rules – Interpol (21 September 2020 at 14:03 UTC)
Critical Aruba ClearPass RCE vulnerability exposes underlying systems (21 September 2020 at 12:42 UTC)
Node.js applications open to prototype pollution attacks via legacy function in popular encryption library (21 September 2020 at 11:28 UTC)
Darknet markets likely to continue despite exit scams and law enforcement takedowns (18 September 2020 at 14:38 UTC)
Drupal patches ‘critical’ reflected XSS bug and other security flaws (18 September 2020 at 12:24 UTC)
Action View: XSS bug discovered in popular Ruby Gem (18 September 2020 at 10:54 UTC)
CCPA regulations go live, ushering in tighter data privacy controls for California residents (17 September 2020 at 17:44 UTC)
Libinjection’s SQL injection defenses cracked (17 September 2020 at 15:32 UTC)
Polish university fined over breach after employee used personal device to process student data (17 September 2020 at 13:51 UTC)
Iranian cybercrime duo charged with multiple US hacking offenses (17 September 2020 at 11:52 UTC)
European babycare retailer Windeln.de flags data exposure incident (16 September 2020 at 15:32 UTC)
Blackbaud hack: US healthcare organizations confirm data breach impacted 190,000 patients (16 September 2020 at 14:15 UTC)
New tool offers server-side censorship circumvention (16 September 2020 at 11:10 UTC)
SSRF flaw in Acronis data storage kit creates vector for malware-laden user notifications (15 September 2020 at 15:35 UTC)
Zerologon: Netlogon cryptographic weakness has critical impact on enterprise servers (15 September 2020 at 14:00 UTC)
Secure development: ‘Shift left’ becomes ‘shift everywhere’ thanks to increased adoption of automated security tools (15 September 2020 at 13:06 UTC)
Databases, cloud storage, and more at risk from exposed access keys (15 September 2020 at 12:15 UTC)
Public Health Wales data incident leaks Covid-19 test results of 18,000 residents (15 September 2020 at 11:23 UTC)
Vulnerability in WordPress email marketing plugin patched (14 September 2020 at 15:52 UTC)
ModSecurity maintainers contest denial-of-service vulnerability claims (14 September 2020 at 14:43 UTC)
Internal Facebook systems exposed via unpatched Apache library (14 September 2020 at 13:43 UTC)
Nation-state attacks linked to the US election have already begun, warns Microsoft (11 September 2020 at 15:38 UTC)
‘I thought it was a complete fluke’ – Katie Paxton-Fear on her bug bounty baptism and why AI will never fully replace security researchers (11 September 2020 at 14:02 UTC)
Internet Society launches toolkit to safeguard open, secure ‘network of networks’ (11 September 2020 at 13:02 UTC)
ZShlayer: New macOS malware variant obfuscates scripts to slip past security tools (11 September 2020 at 11:20 UTC)
Difficult-to-execute attack could break TLS encryption in rare circumstances (10 September 2020 at 16:18 UTC)
The top 10 best hacker-themed books of all time (10 September 2020 at 14:32 UTC)
Europe falling behind the US and China on cybersecurity funding, expertise (10 September 2020 at 12:12 UTC)
Changes to Japan’s data privacy law echo Europe’s GDPR (10 September 2020 at 09:45 UTC)
HTTP request smuggling: HTTP/2 opens a new attack tunnel (09 September 2020 at 15:58 UTC)
DDoS attacks against SwissSign prompt temporary CA switch for ProtonMail (09 September 2020 at 14:47 UTC)
Microsoft addresses critical SharePoint and DNS-related flaws in Patch Tuesday update (09 September 2020 at 13:12 UTC)
Chipmaker Tower Semiconductor recovers from mystery cyber-attack (08 September 2020 at 15:52 UTC)
Majority of top cybersecurity organizations have leaked data on dark web – report (08 September 2020 at 14:24 UTC)
Ransomware attacks against SMEs fall sharply in Southeast Asia (08 September 2020 at 11:33 UTC)
Mozilla offers blueprint for a better internet ahead of EU Digital Services Act (07 September 2020 at 16:29 UTC)
Baka credit card skimmer bundles stealth, anti-detection capabilities, warns Visa (07 September 2020 at 15:22 UTC)
Service NSW confirms 186,000 customers’ data breached in cyber-attack (07 September 2020 at 11:06 UTC)
DDoS extortionists posing as cyberspies to run blackmail scam (04 September 2020 at 15:58 UTC)
Quantum leap forward in cryptography could make niche technology mainstream (04 September 2020 at 14:34 UTC)
TLS certificate lifespan cut short: A win for security, or cause for chaos? (04 September 2020 at 12:45 UTC)
Squid proxy addresses web cache poisoning vulnerability with latest release (04 September 2020 at 11:10 UTC)
US federal agencies required to launch security vulnerability disclosure policies (03 September 2020 at 14:50 UTC)
Apps built using Go could be vulnerable to XSS exploits (03 September 2020 at 12:46 UTC)
Google Cloud API bug leaks private project information (03 September 2020 at 11:40 UTC)
Facebook class action lawsuit could pave way for biometric privacy laws across the US (02 September 2020 at 14:04 UTC)
WordPress security: Zero-day flaw in File Manager plugin actively exploited (02 September 2020 at 11:44 UTC)
AlphaBay dispute mediator jailed for 11 years (02 September 2020 at 10:30 UTC)
Bug Bounty Radar // The latest bug bounty programs for August 2020 (01 September 2020 at 16:30 UTC)
Flaw allowed adware slingers to slip past Apple’s approval protocol (01 September 2020 at 14:00 UTC)
Critical vulnerability in Slack desktop app could lead to remote code execution (01 September 2020 at 10:50 UTC)