Archive - February 2021

Sketchy Firefox browser extension used to spy on Tibetans’ email accounts (26 February 2021 at 15:36 UTC)
VMware fixes vCenter RCE bug – 6,000-plus servers potentially at risk as attackers probe systems (26 February 2021 at 13:45 UTC)
Cybersecurity conferences 2021: A schedule of virtual, and potentially in-person or ‘hybrid’, events (25 February 2021 at 17:36 UTC)
Say my CNAME: Rise of sneaky adtech tactic poses threat to web security and privacy (25 February 2021 at 15:02 UTC)
Indian cyber-espionage activity rising amid growing rivalry with China, Pakistan (25 February 2021 at 12:04 UTC)
H2C smuggling named top web hacking technique of 2020 (24 February 2021 at 17:10 UTC)
The criminal element: Cybercrime cases in the Netherlands more than doubled in 2020 (24 February 2021 at 14:55 UTC)
Nginx: Server misconfigurations found in the wild that expose websites to attacks (24 February 2021 at 13:13 UTC)
Bad education: Universities struggle to defend against surging cyber-attacks during coronavirus pandemic (23 February 2021 at 17:18 UTC)
Popular Node.js package vulnerable to command injection attacks (23 February 2021 at 15:01 UTC)
Access all areas: Flourishing trade for black hats who specialize in the initial breach of organizations exposed (23 February 2021 at 13:44 UTC)
Filipino credit app Cashalo suffers data breach (23 February 2021 at 12:43 UTC)
Tackling UK cyber fraud requires greater collaboration between public and private sectors – report (22 February 2021 at 16:45 UTC)
Center of excellence established to fight DNS abuse (22 February 2021 at 15:52 UTC)
ServiceNow admin credentials among hundreds of passwords exposed in cloud security blunder (22 February 2021 at 13:21 UTC)
Dependency confusion attack mounted via PyPi repo exposes flawed package installer behavior (19 February 2021 at 16:40 UTC)
‘In security, every problem is different’ – Offensive Security’s Ning Wang on training the next generation of infosec pros (19 February 2021 at 15:51 UTC)
Brave browser’s Tor feature found to leak .onion queries to ISPs (19 February 2021 at 14:27 UTC)
Internet registry RIPE NCC warns of credential stuffing attack (19 February 2021 at 13:24 UTC)
BIND implements DNS-over-HTTPS to offer enhanced privacy (18 February 2021 at 16:30 UTC)
CDPA: Virginia’s new Consumer Data Protection Act heralds start of another busy year for US privacy legislators (18 February 2021 at 14:55 UTC)
Security researchers warn of critical zero-day flaws in ‘age gap’ dating app Gaper (18 February 2021 at 13:08 UTC)
IT services firm Centreon downplays reports of backdoor software vulnerabilities linked to Russian hacking group Sandstorm (17 February 2021 at 15:35 UTC)
From ‘Forbes 30 under 30’ to jail – Nigerian phishing fraudster gets 10 years in US prison (17 February 2021 at 14:21 UTC)
Centris: New tool helps prevent software supply chain attacks by flagging modified open source components (17 February 2021 at 13:14 UTC)
Hoffman Construction shores up its defense systems after employee healthcare data breach (16 February 2021 at 16:14 UTC)
SQLite patches use-after-free bug that left apps open to code execution, denial-of-service exploits (16 February 2021 at 15:30 UTC)
Measuring risk: Organizations urged to choose defense-in-depth over CVE whack-a-mole (16 February 2021 at 13:17 UTC)
UK cryptocurrency exchange EXMO knocked offline by ‘massive’ DDoS attack (16 February 2021 at 12:26 UTC)
Joker’s Stash closure kicks off competition for a successor (15 February 2021 at 16:02 UTC)
Ukrainian citizen arrested over huge international phishing campaign spanning 11 countries (15 February 2021 at 14:46 UTC)
Dax-Côte d’Argent hospital in France hit by ransomware attack (15 February 2021 at 14:05 UTC)
Palo Alto firewall software vulnerability quartet revealed (12 February 2021 at 16:55 UTC)
Telegram for macOS failed to self-destruct messages on local devices (12 February 2021 at 15:50 UTC)
Ukrainian citizen jailed for role in cybercrime spree that leeched $3m from US businesses (12 February 2021 at 12:41 UTC)
Secure communication: Beleaguered Hong Kong dissidents seek refuge on ‘digital underground’ (11 February 2021 at 16:28 UTC)
Blocked accounts abused in Evolution CMS SQL injection attacks (11 February 2021 at 15:29 UTC)
Australian research institute confirms ‘likely’ data breach after third-party Accellion hack (11 February 2021 at 13:30 UTC)
Software supply chain attacks – everything you need to know (11 February 2021 at 12:31 UTC)
Magento security: Multiple critical flaws give e-commerce sites ample reason to update (10 February 2021 at 17:06 UTC)
Researcher hacks Apple, Microsoft, and other major tech companies in novel supply chain attack (10 February 2021 at 15:04 UTC)
Call for comments: European Data Protection Board lays out data breach notification guidelines for organizations (10 February 2021 at 12:29 UTC)
Malware slingers step up efforts to target gamers on Discord (10 February 2021 at 11:25 UTC)
WordPress security flaws: 800,000 sites running NextGen Gallery plugin potentially vulnerable to pwnage (09 February 2021 at 16:44 UTC)
Cyberpunk 2077 developers held to ransom after cyber-attack, source code theft (09 February 2021 at 15:31 UTC)
Container security: Privilege escalation bug patched in Docker Engine (09 February 2021 at 12:47 UTC)
Ransom-related DDoS attacks rise from the dead as attack vectors diversify (08 February 2021 at 17:58 UTC)
Tokyo Gas discloses data breach impacting anime-style dating simulation game (08 February 2021 at 14:39 UTC)
Experian investigating data breach claims in Brazil (08 February 2021 at 13:09 UTC)
Skype ‘spoofing vulnerabilities’ are a haven for social engineering attacks, security researcher claims (05 February 2021 at 14:52 UTC)
Hack against older Nespresso vending machines facilitates endless free beverage exploit (05 February 2021 at 11:28 UTC)
CacheFlow: Malware hidden in popular browser extensions went undetected for years (04 February 2021 at 16:31 UTC)
Zeoticus 2.0 ransomware raises stakes with C2-free execution, supercharged encryption (04 February 2021 at 15:08 UTC)
Third mutation XSS bug patched in Mozilla Bleach library (04 February 2021 at 12:15 UTC)
Multiple new flaws uncovered in SolarWinds software just weeks after high-profile supply chain attack (03 February 2021 at 15:45 UTC)
Florida Healthy Kids blames health insurance data breach on third-party hack (03 February 2021 at 15:17 UTC)
DARPA bug bounty helps strengthen military research agency’s security defenses (03 February 2021 at 13:41 UTC)
Playing Fetch: New XS-Leak exploits browser redirects to break user privacy (03 February 2021 at 12:25 UTC)
Apple debuts privacy-friendly WebKit tech to measure click-through ad campaigns (02 February 2021 at 17:06 UTC)
Zero-day vulnerability in SonicWall products actively exploited in the wild (02 February 2021 at 13:55 UTC)
Vue to a kill: XSS vulnerability in Vue.js revealed (01 February 2021 at 17:22 UTC)
German armed forces reveals encouraging start to security vulnerability disclosure program (01 February 2021 at 15:04 UTC)
British Mensa website hacked after directors quit over ‘data protection failures’ (01 February 2021 at 13:13 UTC)