Archive - November 2021

- Bug Bounty Radar // The latest bug bounty programs for December 2021 (30 November 2021 at 17:19 UTC)
- Panasonic admits data breach after attackers gain access to file server (30 November 2021 at 14:31 UTC)
- HP printer vulnerabilities left enterprise networks open to abuse via ‘cross-site printing’ attack (30 November 2021 at 13:17 UTC)
- Italian police crack down on fake Covid-19 vaccination passes (29 November 2021 at 16:48 UTC)
- Interpol arrests 1,000 suspects, seizes $27m in crackdown on cybercrime (29 November 2021 at 14:35 UTC)
- UK Department for Transport caught inadvertently serving pornographic content to site visitors (29 November 2021 at 12:32 UTC)
- Ukrainian police expose international phone-hacking gang (26 November 2021 at 15:36 UTC)
- Microsoft pushes ahead with controversial ‘buy now, pay later’ feature for Edge browser (26 November 2021 at 13:54 UTC)
- Maritime giant Swire Pacific Offshore suffers data breach following cyber-attack (26 November 2021 at 11:18 UTC)
- New differential fuzzing tool reveals novel HTTP request smuggling techniques (25 November 2021 at 16:55 UTC)
- WordPress security plugin Hide My WP addresses SQL injection, deactivation flaws (25 November 2021 at 14:02 UTC)
- Data breach at New Mexico healthcare business impacts 62,000 state residents (25 November 2021 at 12:13 UTC)
- Decrypting diversity: One in five UK infosec professionals say they’ve experienced discrimination at work (24 November 2021 at 15:41 UTC)
- Cyberstalking study: UK residents most accepting of spyware to track partners’ movements (24 November 2021 at 14:20 UTC)
- VMware addresses SSRF, arbitrary file read flaws in vCenter Server (24 November 2021 at 13:33 UTC)
- Microsoft unveils ‘Super Duper Secure Mode’ in latest version of Edge (23 November 2021 at 17:22 UTC)
- Research has come a long way, but gaps remain – security researcher Artur Janc on the state of XS-Leaks (23 November 2021 at 15:34 UTC)
- GoDaddy managed WordPress hosting service breach exposed 1.2m user profiles (23 November 2021 at 13:56 UTC)
- Wind turbine giant Vestas confirms data breach following ‘cybersecurity incident’ (22 November 2021 at 13:20 UTC)
- NUCLEUS:13 – Host of vulnerabilities shatter Nucleus TCP/IP stack defenses (22 November 2021 at 11:09 UTC)
- Researcher finds SSRF bug in internal Google Cloud project, nabs $10,000 bounty (19 November 2021 at 15:45 UTC)
- CKEditor vulnerabilities pose XSS threat to Drupal and other downstream applications (19 November 2021 at 14:38 UTC)
- Iranian hackers charged with cybercrimes in connection with attempts to influence 2020 US Presidential Election (19 November 2021 at 13:22 UTC)
- Tor Project unveils plans to route device traffic through Tor anonymity network with new VPN-like service (18 November 2021 at 16:20 UTC)
- ‘Everyone is welcome’ – Microsoft security panel offers different perspectives on vulnerability disclosure process (18 November 2021 at 14:43 UTC)
- Clubhouse launches bug bounty program with $3,000 on offer for critical vulnerabilities (18 November 2021 at 13:40 UTC)
- Secure development: New and improved Linux Random Number Generator ready for testing (17 November 2021 at 16:59 UTC)
- Vulnerabilities in NPM allowed threat actors to publish new version of any package (17 November 2021 at 14:32 UTC)
- Belarusian hackers claim to have accessed full database of those crossing the country’s borders (17 November 2021 at 11:58 UTC)
- Exploit-as-a-service: Cybercriminals exploring potential of leasing out zero-day vulnerabilities (16 November 2021 at 17:09 UTC)
- Number of cyber-attacks infiltrating critical New Zealand networks soars (16 November 2021 at 15:26 UTC)
- Server-side vulnerabilities in Concrete CMS put thousands of websites under threat (16 November 2021 at 14:11 UTC)
- HTTP header smuggling attack against AWS API Gateway exposes systems to cache poisoning (16 November 2021 at 11:58 UTC)
- Microsoft fixes reflected XSS in Exchange Server (15 November 2021 at 16:28 UTC)
- Vulnerability in FBI email infrastructure allowed malicious actor to send false cyber-attack warnings to thousands (15 November 2021 at 15:40 UTC)
- Removing need to unlock mobile wallets for contactless payments has eroded security protections, researchers warn (15 November 2021 at 14:52 UTC)
- HTML smuggling: Fresh attack technique increasingly being used to target banking sector (12 November 2021 at 15:08 UTC)
- Alan Paller: Infosec world pays homage after SANS founder and infosec luminary dies (12 November 2021 at 13:13 UTC)
- Driftwood debuts: New open source tool hunts for leaked public-private key pairs (12 November 2021 at 12:12 UTC)
- GoCD bug chain provides second springboard for supply chain attacks (11 November 2021 at 16:38 UTC)
- Zero tolerance: How infosec’s online ‘cancel culture’ is stunting industry growth (11 November 2021 at 15:55 UTC)
- Palo Alto GlobalProtect users urged to patch against critical vulnerability (11 November 2021 at 15:02 UTC)
- Dependency Combobulator offers defense against namespace confusion attacks (11 November 2021 at 14:12 UTC)
- ‘Add yourself as super admin’ – Researcher details easy-to-exploit bug that exposed GSuite accounts to full takeover (11 November 2021 at 12:02 UTC)
- Smuggling hidden backdoors into JavaScript with homoglyphs and invisible Unicode characters (10 November 2021 at 16:31 UTC)
- Black Hat Europe: Laws and regulations need to change to secure world’s digital infrastructure (10 November 2021 at 13:59 UTC)
- Apache Storm maintainers patch two pre-auth RCE vulnerabilities (10 November 2021 at 11:46 UTC)
- bZx crypto heist results in reported losses of more than $55 million (09 November 2021 at 15:46 UTC)
- Security breach at trading platform Robinhood sparks phishing fears (09 November 2021 at 14:36 UTC)
- Two men charged with deploying REvil ransomware attacks, targeting US government and businesses (09 November 2021 at 12:23 UTC)
- Pwn2Own Austin 2021: Synacktiv crowned Masters of Pwn after Sonos One, WD NAS exploits (08 November 2021 at 17:12 UTC)
- Mozilla disables ‘low usage’ encryption feature to resolve Thunderbird HTTP/2 vulnerability (08 November 2021 at 16:13 UTC)
- Campaigning lawyers launch counter-offensive against software patent trolls (08 November 2021 at 14:34 UTC)
- Interpol issues arrest warrants for members of Clop ransomware gang (08 November 2021 at 13:47 UTC)
- Lessons learned: How a severe vulnerability in the OWASP ModSecurity Core Rule Set sparked much-needed change (05 November 2021 at 15:47 UTC)
- Cisco patches critical bug trio in Policy Suite and ONT networking devices (05 November 2021 at 14:37 UTC)
- ‘Focus on brilliance at the basics’ – GitHub CSO Mike Hanley on shifting left and securing the software supply chain (05 November 2021 at 11:55 UTC)
- US federal agencies ordered to patch hundreds of actively exploited vulnerabilities (04 November 2021 at 16:53 UTC)
- Majority of consumer IoT vendors still lack vulnerability disclosure programs – report (04 November 2021 at 15:17 UTC)
- Remote code execution, SQL injection bugs uncovered in Pentaho Business Analytics software (04 November 2021 at 14:14 UTC)
- Human rights activists condemn mass denial of service as Sudan’s nationwide internet shutdown enters second week (04 November 2021 at 12:55 UTC)
- Mozilla debuts Site Isolation technology with Firefox update (03 November 2021 at 16:22 UTC)
- Dangerous XSS bug in Google Chrome’s ‘New Tab’ page bypassed security features (03 November 2021 at 15:02 UTC)
- RCE vulnerability found in Sitecore enterprise CMS software (03 November 2021 at 13:45 UTC)
- NIST unveils draft criteria for ‘seal of approval’ scheme on consumer software security (02 November 2021 at 16:47 UTC)
- Mitre-for-malware project MalAPI seeks community support (02 November 2021 at 15:22 UTC)
- Data breach at US healthcare provider Viverant PT impacts more than 6,500 patients (02 November 2021 at 14:18 UTC)
- Multiple flaws in telecoms stack software FreeSwitch uncovered (01 November 2021 at 16:42 UTC)
- Bug Bounty Radar // The latest bug bounty programs for November 2021 (01 November 2021 at 15:41 UTC)
- Ransomware cybercriminals linked to Norsk Hydro attack fall prey to Europol swoop (01 November 2021 at 14:17 UTC)