Archive - October 2021

- All Day DevOps 2021: Securing the software supply chain with ephemerality and the least-privilege principle (29 October 2021 at 15:45 UTC)
- Trickbot arrest: Russian national extradited to US for alleged role in developing notorious banking trojan (29 October 2021 at 13:21 UTC)
- Google, Salesforce, others team up to launch MVSP security baseline project (29 October 2021 at 12:35 UTC)
- ‘Inaction isn’t an option’ – US lawmakers back mandatory standards for transport and logistics cybersecurity (29 October 2021 at 10:30 UTC)
- WordPress plugin vulnerability opened up one million sites to remote takeover (28 October 2021 at 15:14 UTC)
- Critical flaw in GoCD provides platform for supply chain attacks (28 October 2021 at 14:25 UTC)
- Video conferencing platforms must improve privacy for users, data protection authorities warn (28 October 2021 at 11:27 UTC)
- ‘Professional cybercriminals’ blamed for DDoS attacks against UK telecoms providers (27 October 2021 at 15:34 UTC)
- Data breach at Colorado university impacts 30,000 students (27 October 2021 at 14:15 UTC)
- Attack the block – How a security researcher cracked 70% of urban WiFi networks in one hit (27 October 2021 at 13:19 UTC)
- Infosec skills gap widens in all regions bar Asia-Pacific – report (26 October 2021 at 15:44 UTC)
- SQL injection flaw in billing software app tied to US ransomware infection (26 October 2021 at 14:54 UTC)
- Africa sees increase in ransomware, botnet attacks – but online scams still pose biggest threat (26 October 2021 at 14:26 UTC)
- Popular NPM package UA-Parser-JS poisoned with cryptomining, password-stealing malware (25 October 2021 at 16:01 UTC)
- Discourse fixes critical validation-related vulnerability in forum software (25 October 2021 at 15:10 UTC)
- Polygon pays out record $2 million bug bounty reward for critical vulnerability (25 October 2021 at 14:15 UTC)
- Node.js sandboxes are open to prototype pollution (22 October 2021 at 14:58 UTC)
- Swiss exhibitions organizer MCH Group hit by cyber-attack (22 October 2021 at 12:46 UTC)
- Japanese punctuation exacerbates privacy flaw that leaks one-word search terms in Google, Firefox browsers (22 October 2021 at 11:31 UTC)
- EU ban on anonymous domain registration welcomed by threat intel firm (22 October 2021 at 10:31 UTC)
- New bug bounty platform launches for Indian ethical hackers (21 October 2021 at 15:00 UTC)
- Bulletproof hosting duo jailed over support of cyber-attacks against US targets (21 October 2021 at 13:34 UTC)
- Security pre-advisories: A simple way to improve the patch management process (21 October 2021 at 12:02 UTC)
- Historic scientific notation bug foils WAF defenses (20 October 2021 at 15:12 UTC)
- Slack contains an XS-Leak vulnerability that de-anonymizes users (20 October 2021 at 12:25 UTC)
- (ISC)² hopes diversity drive will hasten glacial progress on plugging infosec workforce gap (19 October 2021 at 15:55 UTC)
- L0phtCrack password auditing tool goes open source (19 October 2021 at 15:01 UTC)
- Node.js was vulnerable to a novel HTTP request smuggling technique (18 October 2021 at 15:16 UTC)
- Bugs in malware create ‘backdoors’ for security researchers (18 October 2021 at 12:56 UTC)
- Google, Mozilla close to finalizing Sanitizer API for Chrome and Firefox browsers (18 October 2021 at 11:18 UTC)
- Missouri governor criticized for confusing vulnerability disclosure with criminal hacking (15 October 2021 at 14:47 UTC)
- Injection vulnerabilities in popular WordPress plugin could expose credentials, allow admin access (15 October 2021 at 12:41 UTC)
- Dutch police warn DDoS-for-hire customers to desist or face prosecution (14 October 2021 at 15:29 UTC)
- Israeli hospital cancels non-urgent procedures following ransomware attack (14 October 2021 at 13:42 UTC)
- Git providers revoke weak keys generated in vulnerable GitKraken crypto library (14 October 2021 at 12:32 UTC)
- Unresolved GitHub Actions flaw allows code to be approved without review (13 October 2021 at 15:47 UTC)
- ‘Find out what sparks joy’ – YouTube educator and security expert Katie Paxton-Fear on carving out a successful infosec career (13 October 2021 at 13:57 UTC)
- Nagios XI updated to address trio of security vulnerabilities (13 October 2021 at 13:04 UTC)
- Firefox Suggest lands in the US, bringing ads to the browser search bar (13 October 2021 at 10:12 UTC)
- Google distributing 10,000 security keys to journalists, elected officials, human rights activists (12 October 2021 at 16:10 UTC)
- NSA warns of heightened wildcard TLS certificate risk (12 October 2021 at 15:42 UTC)
- Chinese phone manufacturer ZTE launches public bug bounty program (12 October 2021 at 13:36 UTC)
- Ransomware forensics research reveals cybercrime tradecraft secrets (11 October 2021 at 15:25 UTC)
- Ransom Disclosure Act: US bill mandates organizations to report ransomware payments (11 October 2021 at 14:02 UTC)
- Oregon Eye Specialists discloses data breach following employee email compromise (11 October 2021 at 12:25 UTC)
- Hong Kong’s anti-doxxing law comes into force despite human rights criticism (08 October 2021 at 15:06 UTC)
- Apache HTTP Server update fails to squash path traversal, RCE bugs (08 October 2021 at 13:29 UTC)
- Twitch breach leads to leak of source code and streamer earnings data (07 October 2021 at 14:28 UTC)
- Apache Ranger maintainers slam unflattering cloud data security comparison with Immuta (07 October 2021 at 13:34 UTC)
- MyBB CAPTCHA bug breaks forum validation checks (07 October 2021 at 10:22 UTC)
- OPPA: Ohio could become the third US state to enact a new consumer privacy law in 2021 (06 October 2021 at 15:41 UTC)
- Multiple XSS vulnerabilities in child monitoring app Canopy ‘could risk location leak’ (06 October 2021 at 14:25 UTC)
- Firefox 93 lands with HTTP download blocking, new user privacy features (06 October 2021 at 13:36 UTC)
- US clothing brand Next Level Apparel reports phishing-related data breach (06 October 2021 at 11:03 UTC)
- Embedded insecurity: Broadcom SDK vulnerabilities create lingering risk for router manufacturers (05 October 2021 at 16:02 UTC)
- Apache HTTP Server devs issue fix for critical data leak vulnerability – update now (05 October 2021 at 15:21 UTC)
- OnionShare: Secure communications platform used by whistleblowers and journalists patches data exposure bug (05 October 2021 at 12:35 UTC)
- Safari adds strict CSP support, catches up with other leading browsers (05 October 2021 at 11:09 UTC)
- Let’s Encrypt root cert update catches out many big-name tech firms (04 October 2021 at 16:20 UTC)
- Cryptocurrency funds removed from 6,000 Coinbase accounts due to flaw in SMS authentication (04 October 2021 at 14:09 UTC)
- ‘Prolific’ ransomware operators arrested in Ukraine – Europol (04 October 2021 at 11:36 UTC)
- Prototype pollution vulnerabilities rife among high-traffic websites, study finds (01 October 2021 at 15:03 UTC)
- Malicious hackers are exploiting known vulnerabilities because organizations aren’t quick enough to patch – report (01 October 2021 at 13:39 UTC)
- US retailer Neiman Marcus notifies 4.6 million customers of data breach (01 October 2021 at 11:30 UTC)