Archive - January 2021

NAT slipstreaming reloaded: Twist on new technique exposes all network devices to the web 29 January 2021 at 16:51 UTC
Vulnerabilities in open source streaming platforms YouPHPTube and AVideo could lead to RCE 29 January 2021 at 13:44 UTC
Machine learning offers fresh approach to tackling SQL injection vulnerabilities 29 January 2021 at 11:43 UTC
Domain for popular programming website Perl.com stolen in ‘hack’ 28 January 2021 at 16:35 UTC
Online gaming platform VIP Games exposes 23 million data records on misconfigured server 28 January 2021 at 15:12 UTC
Potential remote code execution vulnerability uncovered in Node.js apps 28 January 2021 at 13:45 UTC
Blind TCP/IP hijacking is resurrected for Windows 7 28 January 2021 at 11:39 UTC
Firefox 85 protects against supercookie tracking, removes Adobe Flash Player 27 January 2021 at 15:19 UTC
Grindr fined $10m for ‘grave’ GDPR violations by Norwegian privacy watchdog 27 January 2021 at 13:19 UTC
Call for feedback – Daily Swig reader survey 27 January 2021 at 12:00 UTC
Prominent cybersecurity researchers among those targeted in North Korean hacking campaign 26 January 2021 at 15:49 UTC
Nmap project becomes latest victim of Google’s ‘wrongful blocking’ of cybersecurity resources 26 January 2021 at 12:10 UTC
SonicWall updates users after ‘highly sophisticated’ cyber-attack leverages zero-day vulnerabilities 25 January 2021 at 15:29 UTC
Intel issues earnings report early after sensitive data was ‘inadvertently made publicly accessible’ 25 January 2021 at 14:15 UTC
KEMTLS: Cloudflare trials new encryption mechanism in anticipation of post-quantum TLS shortcomings 25 January 2021 at 12:58 UTC
Hackers actively scanning for vulnerable SAP systems after exploit gets dropped on GitHub 22 January 2021 at 17:30 UTC
Russian ‘security researcher’ pleads guilty to running cybercrime e-commerce platform Deer.io 22 January 2021 at 15:38 UTC
Internet industry group i2Coalition throws weight behind illegal VPN crackdown 22 January 2021 at 14:21 UTC
KindleDrip: Critical vulnerabilities in Amazon Kindle e-reader gave attackers free rein over user accounts 21 January 2021 at 16:45 UTC
Imminent Joker’s Stash demise likely to spawn growth of rival cybercrime forums 21 January 2021 at 15:42 UTC
Pwnable Document Format: Windows PDF viewers outperformed by browser, macOS, Linux counterparts 21 January 2021 at 15:13 UTC
‘Train the basics’ – Bug bounty hunter ‘Xel’ on forging a lucrative career in ethical hacking 21 January 2021 at 14:06 UTC
Details of YouTube viewing history exposure bug made public 20 January 2021 at 17:52 UTC
Magecart attacks in 2021: Cat-and-mouse game continues between cybercrooks, researchers, law enforcement 20 January 2021 at 14:26 UTC
US spinal care practice among first to issue healthcare data breach warning in 2021 20 January 2021 at 12:41 UTC
Shazam! Vulnerability in popular music app could leak your location data with a single malicious URL 19 January 2021 at 16:04 UTC
Incoming Biden administration looks to shake up US cybersecurity policy 19 January 2021 at 14:56 UTC
Mind the (skills) gap: Cybersecurity talent pool must expand to take advantage of quantum computing opportunities 18 January 2021 at 16:01 UTC
VoIP vulnerability: CoTURN patches access control protection bypass 18 January 2021 at 15:13 UTC
Security pro seizes expired DR Congo top-level domain, takes over 50% of DNS traffic 18 January 2021 at 12:43 UTC
Security researchers earn $50k after exposing critical flaw in Apple travel portal 15 January 2021 at 16:40 UTC
Cisco fixes clutch of high-impact bugs in latest patch cycle 15 January 2021 at 13:54 UTC
Reserve Bank of New Zealand apologizes for ‘significant’ data breach 15 January 2021 at 12:28 UTC
Intigriti launches EU-backed bug bounty program for Matrix secure communications tool 14 January 2021 at 16:17 UTC
Introducing Malvuln.com – the first website ‘exclusively dedicated’ to revealing security vulnerabilities in malware 14 January 2021 at 14:55 UTC
French cybersecurity non-profit Luatix strengthens its open source development capabilities with ANSSI partnership 14 January 2021 at 12:58 UTC
Critical zero-day RCE in Microsoft Office 365 awaits third security patch 13 January 2021 at 16:11 UTC
Browser security briefing: Google and Mozilla lay the groundwork for a ‘post-XSS world’ 13 January 2021 at 14:44 UTC
Misconfigurations in Spring Data projects could leave web apps open to abuse 13 January 2021 at 12:20 UTC
Ubiquiti urges password reset in response to third-party breach 12 January 2021 at 15:45 UTC
This NXP side-channel attack can clone Google Titan 2FA keys 12 January 2021 at 13:28 UTC
GitLab addresses numerous vulnerabilities in latest security release 12 January 2021 at 12:17 UTC
Facebook flaw meant attackers could create invisible posts on any verified page 11 January 2021 at 16:18 UTC
CrackQ tool adds GUI, analysis features to Hashcat password-cracking platform 11 January 2021 at 14:39 UTC
Data breach at New Zealand’s Reserve Bank after third-party service hack 11 January 2021 at 12:53 UTC
Encrypted Client Hello: Upcoming Firefox 85 rollout builds momentum for ESNI successor 08 January 2021 at 17:07 UTC
Russian cybercriminal sentenced to 12 years for ‘massive hacking campaign’ impacting 100 million US citizens 08 January 2021 at 14:30 UTC
NSA advises defense, national security supply chain on replacing deprecated encryption protocols 08 January 2021 at 13:19 UTC
National security concerns raised as Trump loyalists storm US Capitol 07 January 2021 at 16:06 UTC
Fortinet updates web application firewall to protect against SQL injection, denial-of-service attacks 07 January 2021 at 14:24 UTC
Substandard software costs US economy $2tn through security flaws, legacy systems, abandoned projects 06 January 2021 at 16:32 UTC
Gossamer tool aims to defend open source projects against SolarWinds-style supply chain attacks 06 January 2021 at 15:34 UTC
QR code security: Best approaches to using the technology safely and securely 06 January 2021 at 13:08 UTC
Oculus, Facebook account takeovers net security researcher $30,000 bug bounty 05 January 2021 at 15:28 UTC
Node.js update addresses high severity HTTP request smuggling, memory corruption bugs 05 January 2021 at 14:03 UTC
Google Docs bug allowed cyber-spies to screenshot private documents 05 January 2021 at 11:50 UTC
‘Critical’ RCE, account takeover flaws patched in Rock RMS church management platform 04 January 2021 at 16:24 UTC
Microsoft downplays threat after admitting SolarWinds attackers accessed source code 04 January 2021 at 14:49 UTC
T-Mobile data breach: ‘Malicious, unauthorized’ hack exposes customer call information 04 January 2021 at 13:25 UTC