Archive - April 2021

UK Computer Misuse Act: Lord Chris Holmes CBE on the CyberUp campaign’s call to overhaul ‘archaic’ legislation (30 April 2021 at 15:37 UTC)
Bug Bounty Radar // The latest bug bounty programs for May 2021 (30 April 2021 at 14:01 UTC)
Stored XSS vulnerability patched in open source firewall pfSense (30 April 2021 at 10:58 UTC)
Raising the bar: Tiki app aims to hand ownership of personal data back to the individual (29 April 2021 at 17:26 UTC)
Time to update DNS servers to defend against brace of serious BIND vulnerabilities (29 April 2021 at 13:56 UTC)
Covid-19, breath alcohol test results of 164,000 Wyoming residents mistakenly exposed on GitHub (29 April 2021 at 12:49 UTC)
Google Android’s implementation of privacy-preserving contact tracing ‘flawed’ (28 April 2021 at 16:00 UTC)
Musical instrument marketplace Reverb suffers data breach (28 April 2021 at 12:30 UTC)
VSCode integration with Mitre ATT&CK framework allows security researchers to maintain focus (28 April 2021 at 11:05 UTC)
GoAhead devs fix null byte injection vulnerability in embedded web server (27 April 2021 at 16:32 UTC)
WordPress XXE injection vulnerability could allow attackers to remotely steal host files (27 April 2021 at 15:01 UTC)
Machine learning security vulnerabilities are a growing threat to the web, report highlights (27 April 2021 at 12:57 UTC)
Passwordstate credentials potentially ‘harvested’ after malicious software update injected into password manager (26 April 2021 at 15:57 UTC)
Emotet clean-up: Security pros draw lessons from botnet menace as kill switch is activated (26 April 2021 at 14:57 UTC)
Dan Kaminsky: Tributes pour in for security researcher who died after short illness (26 April 2021 at 11:58 UTC)
Mining technology company Gyrodata hit by ransomware attack – employee data leaked (23 April 2021 at 14:46 UTC)
CocoaPods RCE exploit exposed keys to repo used by three million mobile apps (23 April 2021 at 12:59 UTC)
Xerox vulnerability disclosure legal threat withdrawn (23 April 2021 at 11:04 UTC)
Vulnerability in Homebrew macOS package manager could allow arbitrary code execution (22 April 2021 at 15:59 UTC)
Ill-advised research on Linux kernel lands computer scientists in hot water (22 April 2021 at 15:10 UTC)
‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market (22 April 2021 at 13:58 UTC)
Ransomware attacks on shipping, logistics organizations rising as coronavirus vaccine supply chain targeted (22 April 2021 at 13:01 UTC)
Valve belatedly fixes Steam gaming platform RCE vulnerability (22 April 2021 at 10:16 UTC)
Don’t panic! DEF CON warrant canary confusion blamed on ‘CMS mistake’ (21 April 2021 at 14:45 UTC)
Zero-day vulnerabilities in SonicWall email client led to network access, backdoors installed (21 April 2021 at 13:20 UTC)
Telecoms industry facing increased DDoS attacks, report warns (21 April 2021 at 10:52 UTC)
QNAP fixes critical RCE vulnerabilities in NAS devices (20 April 2021 at 15:42 UTC)
Vulnerability in Nagios XI exploited by cryptojacking crooks to hijack systems (20 April 2021 at 14:45 UTC)
Django Debug Toolbar tripped up by SQL injection flaw (19 April 2021 at 14:44 UTC)
Codecov users warned after backdoor discovered in DevOps tool (19 April 2021 at 13:25 UTC)
Drinks giant C&C Group subsidiary shuts down IT systems following security incident (19 April 2021 at 12:33 UTC)
Researchers trick Duo 2FA into sending authentication request to attacker-controlled device (16 April 2021 at 15:26 UTC)
Swiss Post launches public bug bounty program with YesWeHack (16 April 2021 at 13:22 UTC)
Cockpit CMS flaws exposed web servers to NoSQL injection exploits (16 April 2021 at 10:03 UTC)
Software developer charged with sabotaging employer’s systems through denial-of-service attack (15 April 2021 at 17:01 UTC)
When vulnerability disclosure goes sour: New GitHub repo details legal threats and risks faced by ethical hackers (15 April 2021 at 13:38 UTC)
Behind the Great Firewall: Chinese cyber-espionage adapts to post-Covid world with stealthier attacks (15 April 2021 at 11:19 UTC)
Cisco router flaws left small business networks open to abuse (14 April 2021 at 15:12 UTC)
Feds zap Exchange Server backdoors as Microsoft offers patches for further flaws (14 April 2021 at 14:01 UTC)
Inference attacks: How much information can machine learning models leak? (14 April 2021 at 12:48 UTC)
Pressure grows on Valve to unplug Steam gaming platform vulnerabilities (13 April 2021 at 16:14 UTC)
Capcom ransomware attack: Hackers gained access via vulnerable VPN, report finds (13 April 2021 at 15:06 UTC)
Surge in malware and cyber-attacks set to continue, Europol warns in SOCTA 2021 report (13 April 2021 at 11:46 UTC)
Indian stock trading site Upstox resets passwords in response to data breach fears (12 April 2021 at 14:00 UTC)
Covid-19 pandemic: How bug bounty programs helped secure some of the world’s leading track and trace apps (12 April 2021 at 13:02 UTC)
Pwn2Own 2021: Zero-click Zoom exploit among winners as payout record smashed (09 April 2021 at 15:12 UTC)
Critical GravCMS vulnerability offers lessons for software developers (09 April 2021 at 13:45 UTC)
Facebook ‘knew about phone number data leak vulnerability two years before issue was fixed’, claims security researcher (09 April 2021 at 09:55 UTC)
BleedingTooth: Google drops full details of zero-click Linux Bluetooth bug chain leading to RCE (08 April 2021 at 15:38 UTC)
Enter the Matrix: Secure communications network hits 30 million user milestone (08 April 2021 at 14:43 UTC)
Gigaset Android smartphones infected with malicious system update app (08 April 2021 at 10:42 UTC)
European privacy regulators lay down rules for Covid-status passports (07 April 2021 at 15:40 UTC)
NSA workflow application Emissary vulnerable to malicious takeover (07 April 2021 at 14:28 UTC)
PHP maintainers release post-mortem report after backdoor planted in Git repo (07 April 2021 at 13:03 UTC)
Booking.com fined $560,000 for GDPR data breach violation (06 April 2021 at 16:02 UTC)
Smart TV tech loophole allowed miscreants to view private YouTube videos (06 April 2021 at 15:18 UTC)
Apple macOS TextEdit parsing flaw leaked local files via dangling markup injection (06 April 2021 at 14:28 UTC)
President Biden’s new executive order could oblige software vendors to tell Uncle Sam about security breaches (05 April 2021 at 14:00 UTC)
UC Berkeley confirms data breach, becomes latest victim of Accellion cyber-attack (02 April 2021 at 13:45 UTC)
Bug Bounty Radar // The latest bug bounty programs for April 2021 (01 April 2021 at 14:23 UTC)
DeepDotWeb operator pleads guilty for role in $8.4m darknet marketplace kickback scheme (01 April 2021 at 12:15 UTC)