Archive - March 2021

Vulnerabilities in Single Sign-On services could be abused to bypass authentication controls
31 March 2021 at 14:37 UTC

French certification scheme for infosec service providers off to promising start
31 March 2021 at 13:03 UTC

Latest web hacking tools – Q1 2021
31 March 2021 at 10:33 UTC

Indian payment provider MobiKwik denies 8.2 TB data breach
31 March 2021 at 09:12 UTC

Ransomware: Nearly a fifth of victims who pay off extortionists fail to get their data back
30 March 2021 at 15:24 UTC

Serious Netmask vulnerability found to affect three Perl IP modules
30 March 2021 at 12:10 UTC

Nzyme: A WiFi defense system for detecting ‘bandit’ devices
30 March 2021 at 09:56 UTC

SSRF vulnerability in NPM package Netmask impacts up to 279k projects
29 March 2021 at 16:10 UTC

5G network slicing flaws pose denial-of-service, data theft risk
29 March 2021 at 15:12 UTC

Backdoor planted in PHP Git repository after server hack
29 March 2021 at 12:00 UTC

Fake Covid-19 vaccines pose ‘serious health hazard’, warns Interpol
26 March 2021 at 15:30 UTC

US man charged with orchestrating 2016 DDoS attack that disrupted services in New York
26 March 2021 at 13:40 UTC

Isn’t it ironic: Exploiting GDPR laws to gain access to personal data
26 March 2021 at 11:58 UTC

Security researcher launches GoFundMe campaign to fight legal threat over vulnerability disclosure
25 March 2021 at 18:02 UTC

Cloudflare launches JavaScript dependency dashboard utility to warn against Magecart-style malfeasance
25 March 2021 at 16:28 UTC

Microsoft Teams is the first target for new app-focused bug bounty program
25 March 2021 at 13:03 UTC

H2C smuggling proves effective against Azure, Cloudflare Access, and more
24 March 2021 at 16:55 UTC

Mozilla tightens Firefox’s HTTP referrer header controls to boost privacy
24 March 2021 at 16:14 UTC

IoT vendor Sierra Wireless suffers ransomware attack, production halted
24 March 2021 at 14:12 UTC

EU cybersecurity strategy: Coronavirus, supply chain attacks highlight ‘lack of coordination’ among member states
24 March 2021 at 11:59 UTC

Healthcare data breach fears raised as US orthopedic clinic admits leaving patient records on insecure server
23 March 2021 at 15:45 UTC

Explainer: What does the UK’s Integrated Review mean for cybersecurity?
23 March 2021 at 13:38 UTC

Facebook awards $55k bug bounty for third-party vulnerabilities that could compromise its internal network
23 March 2021 at 11:56 UTC

Space jam: Researchers and satellite start-ups meet to discuss celestial cybersecurity
22 March 2021 at 16:45 UTC

MangaDex website taken offline following cyber-attack, data breach
22 March 2021 at 14:23 UTC

GitHub awards bug bounty hunter $25,000 for Actions secrets theft report
22 March 2021 at 13:06 UTC

GE patches serious vulnerabilities in UR power management devices
19 March 2021 at 15:50 UTC

GitHub releases post-mortem on race condition vulnerability that forced global user sign-out
19 March 2021 at 12:12 UTC

Chained vulnerabilities used to take control of MyBB forums
18 March 2021 at 17:14 UTC

Google awards Uruguayan researcher $133,337 top prize in cloud security competition
18 March 2021 at 16:29 UTC

Cypriot hacker who extorted website owners by threatening to leak stolen data is jailed
18 March 2021 at 15:13 UTC

Penetration testing of enterprise systems more prevalent than ever due to remote working during Covid-19 pandemic
18 March 2021 at 14:01 UTC

Microsoft blames crypto key rotation snafu for 365 outage
17 March 2021 at 16:48 UTC

Mimecast confirms hackers behind SolarWinds supply chain attack accessed limited amount of customer information
17 March 2021 at 14:25 UTC

Spectre attacks against websites still a serious threat, Google warns
17 March 2021 at 12:10 UTC

UK defense and foreign policy review places ‘cyber’ front and center
16 March 2021 at 16:55 UTC

DuckDuckGo browser extension vulnerability leaves Edge users open to potential cyber-snooping
16 March 2021 at 16:01 UTC

Fastway data breach: Security incident at Irish courier impacts more than 440,000 parcel recipients
16 March 2021 at 14:02 UTC

The age of Covid-19: Lockdowns and cybersecurity, 12 months on
16 March 2021 at 12:59 UTC

Pwning the pen tester: Malicious Wireshark packet capture file risk revealed
15 March 2021 at 16:50 UTC

LocalStack zero-day vulnerabilities chained to achieve remote takeover of local instances
15 March 2021 at 13:55 UTC

Shorteners – new tool allows researchers, orgs to search for exposed shortened URLs
15 March 2021 at 12:10 UTC

US Congresswoman proposes national data privacy law
12 March 2021 at 16:20 UTC

Regexploit tool unveiled with a raft of ReDoS bugs already on its resume
12 March 2021 at 15:04 UTC

Linux community project aims to tackle dependency confusion attacks with easy code signing, verification
11 March 2021 at 16:40 UTC

Tsao vs. Captiva – How a US data breach court case could have major impact on the legal definition of ‘harm’
11 March 2021 at 15:28 UTC

Critical RCE bug patched in Netgear ProSAFE Plus switches
11 March 2021 at 14:45 UTC

Bitcoin exchange Sovryn launches record $1.25m bug bounty program
11 March 2021 at 11:30 UTC

SAP addresses critical double trouble as Microsoft patches obsolete Internet Explorer
10 March 2021 at 16:43 UTC

Git vulnerability could enable remote code execution attacks during clone process
10 March 2021 at 15:30 UTC

Database destruction vulnerability patched in old Kentico CMS build
10 March 2021 at 14:22 UTC

Abuse.ch creator launches ThreatFox, a platform for sharing malware indicators of compromise
10 March 2021 at 13:13 UTC

All mapped out: Researchers uncover hidden flaws in Apple’s offline ‘find my device’ feature
09 March 2021 at 16:16 UTC

Williams Racing aborts plans to unveil new F1 car via augmented reality app following hack
09 March 2021 at 14:02 UTC

GitHub users forcibly logged out of accounts to patch ‘potentially serious’ security bug
09 March 2021 at 12:07 UTC

Data breach at healthcare provider Elara Caring exposes 100,000 patients’ information
08 March 2021 at 16:30 UTC

UK cybersecurity spending on the rise despite pandemic-induced budget cuts
08 March 2021 at 15:34 UTC

Ransomware attacks more than doubled last year as cybercrime operations scale up during coronavirus pandemic
08 March 2021 at 14:28 UTC

Open source software repositories play ‘whack-a-mole’ as ‘dependency confusion’ copycats exceed 5,000
05 March 2021 at 16:18 UTC

Remote code execution vulnerability patched in Micro Focus Operations Bridge Reporter
05 March 2021 at 13:30 UTC

Open source tool SerialDetector speeds up discovery of .Net deserialization bugs
05 March 2021 at 12:17 UTC

Prime-factor mathematical foundations of RSA cryptography ‘broken’, claims cryptographer
04 March 2021 at 16:52 UTC

Shields down: Canadian internet authority’s DNS filtering service broke SSL on iOS
04 March 2021 at 15:48 UTC

More than half of women in infosec are treated unequally to male colleagues due to ‘blatant sexism’ in the workplace – report
04 March 2021 at 14:15 UTC

Dispute rages over ModSecurity 3 WAF ‘bypass risk’
04 March 2021 at 12:30 UTC

Vulnerabilities in Smarty PHP template engine renders popular CMS platforms open to abuse
03 March 2021 at 16:34 UTC

Research: How JSON parsers can create security risks when it comes to interoperability
03 March 2021 at 12:17 UTC

WordPress 5.7 offers ‘one-click’ HTTP to HTTPS site upgrade feature
02 March 2021 at 16:31 UTC

Xerox legal threat reportedly silences researcher at Infiltrate security conference
02 March 2021 at 15:10 UTC

Oxfam Australia confirms data breach after supporters’ details ‘unlawfully accessed’
02 March 2021 at 13:44 UTC

Bug Bounty Radar // The latest bug bounty programs for March 2021
01 March 2021 at 16:22 UTC

Suspicious finds: Researcher discovers Go typosquatting package that relays system information to Chinese tech firm
01 March 2021 at 15:39 UTC

Data analytics agency Polecat held to ransom after server exposed 30TB of records
01 March 2021 at 11:15 UTC