Archive - May 2021

Deadshot: Open source DevOps tool stops sensitive data from being uploaded to GitHub 31 May 2021 at 12:26 UTC
Klarna privacy clanger blamed on buggy software update 28 May 2021 at 15:04 UTC
Threema, the European rival to Signal, wins pivotal privacy battle in Swiss Court 28 May 2021 at 11:56 UTC
Argument injection vulnerability in image handling library affects content management systems 27 May 2021 at 16:02 UTC
Canada Post reveals supplier data breach involving shipping information of 950,000 parcel recipients 27 May 2021 at 13:18 UTC
Trend Micro home security guardian beset by triple vulnerability threat 26 May 2021 at 15:20 UTC
Bluetooth pairing, pwned: Security researchers discover fresh wave of ‘impersonation attack’ flaws in wireless tech 26 May 2021 at 12:25 UTC
Overlooked vulnerabilities in GraphQL open the door to cross-site request forgery attacks 26 May 2021 at 10:14 UTC
Deer.io takedown: Russian citizen jailed for selling stolen personal information of US citizens online 25 May 2021 at 14:16 UTC
US healthcare non-profit reports data breach impacting 200,000 patients, employees 25 May 2021 at 12:58 UTC
Nagios IT monitoring vulnerabilities chained to compromise telco customers en masse 25 May 2021 at 09:57 UTC
Open source ecosystem ripe for dependency confusion attacks, research finds 24 May 2021 at 15:38 UTC
Insider PhD: Hacking education channel suspended from YouTube for ‘severe’ guideline violations 24 May 2021 at 14:59 UTC
DeepSloth: Researchers find denial-of-service equivalent against machine learning systems 24 May 2021 at 10:48 UTC
US water filter supplier pays $200,000 to settle credit card data leak lawsuit 21 May 2021 at 15:31 UTC
Critical vulnerabilities patched in QNAP Music Station, Malware Remover apps 21 May 2021 at 14:26 UTC
‘Soft skills are the most under-researched area of the bug bounty industry’ – ‘Reconless’ YouTubers on filling a gap in infosec education 21 May 2021 at 12:23 UTC
Former US soccer stadium hot dog concession manager jailed over computer sabotage 20 May 2021 at 15:50 UTC
SolarWinds hack: Nation-state attackers could have launched supply chain attack nine months earlier than previously thought 20 May 2021 at 14:40 UTC
WordPress security: More than 600,000 sites hit by blind SQLi vulnerability in WP Statistics plugin 20 May 2021 at 13:33 UTC
NoSQL injection bugs in Rocket.Chat left servers open to RCE attacks 20 May 2021 at 12:25 UTC
Making justice secure again: How New Jersey Courts tackled the rush to remote working at the start of the Covid-19 pandemic 19 May 2021 at 15:53 UTC
Packaging vendor Ardagh admits cyber-attack disrupted operations 19 May 2021 at 14:08 UTC
Opera security team discloses multiple flaws in open source web proxy, Privoxy 19 May 2021 at 11:09 UTC
Ireland’s national health service offers sitrep after ransomware attack knocked systems offline 18 May 2021 at 14:21 UTC
GitLab tackles crypto-mining abuse with payment card checks for free accounts 18 May 2021 at 13:31 UTC
AXA ransomware attack comes just days after insurer pulled coverage for cyber-attack class in France 18 May 2021 at 11:37 UTC
Magecart Group 12 unleashes stealthy PHP skimmer against vulnerable Magento e-commerce sites 17 May 2021 at 15:32 UTC
Microsoft releases free online ‘playbooks’ to help businesses defend against cyber-attacks 17 May 2021 at 14:06 UTC
Analysis: Colonial Pipeline’s $5m ransomware payment risks perpetuating cybercrime ‘feedback loop’ 14 May 2021 at 15:31 UTC
All major desktop browsers vulnerable to tracking flaw that can bypass privacy tools – research 14 May 2021 at 14:09 UTC
Open Distro bug exposed servers to SSRF exploits 14 May 2021 at 11:02 UTC
Shift right: Developers knowingly release insecure applications, says report 13 May 2021 at 14:42 UTC
Aurelia framework’s default HTML sanitizer opens the door to XSS attacks 13 May 2021 at 13:28 UTC
Jenkins Attack Framework: New tool helps uncover little-known vulnerabilities in CI/CD environments 13 May 2021 at 10:51 UTC
Colonial Pipeline cyber-attack: DarkSide ransomware details emerge as US urges critical infrastructure operators to be vigilant 12 May 2021 at 16:30 UTC
UK government releases free cyber-threat warning tool at annual CyberUK conference 12 May 2021 at 15:03 UTC
Beyond Lazarus: North Korean cyber-threat groups become top-tier, ‘reckless’ adversaries 12 May 2021 at 12:10 UTC
UK government to review country's aging Computer Misuse Act – official 11 May 2021 at 15:40 UTC
University of California data breach: Sensitive information of staff, students leaked 11 May 2021 at 13:45 UTC
What’s TsuNAME? DDoS attack vector threatens authoritative DNS servers 11 May 2021 at 11:44 UTC
Pega Infinity hotfix released after researchers flag critical authentication bypass vulnerability 10 May 2021 at 15:05 UTC
Four plead guilty to providing ‘bulletproof’ hosting services for cybercriminals 10 May 2021 at 14:00 UTC
Remote Mouse mobile app contains raft of zero-day RCE vulnerabilities 10 May 2021 at 12:55 UTC
What the FLoC? Everything you need to know about Google’s new ad tech that aims to replace third-party cookies 07 May 2021 at 15:20 UTC
Researcher calls out privacy flaw in Twitter’s new ‘Tip Jar’ donation feature 07 May 2021 at 13:53 UTC
Troy Hunt at Black Hat Asia: ‘We’re making it very difficult for people to make good security decisions’ 06 May 2021 at 15:52 UTC
Researcher discovers vulnerabilities in Azure Functions, stumbles across false oracle 06 May 2021 at 14:09 UTC
Mauritian government’s plan to intercept encrypted web traffic marks ‘death knell for freedom of speech’ 06 May 2021 at 11:02 UTC
US Department of Defense expands vulnerability disclosure program 05 May 2021 at 15:54 UTC
Multiple critical vulnerabilities in Exim email server software pose RCE risk 05 May 2021 at 14:40 UTC
Google and Mozilla unveil plans to bake HTML sanitization into their browsers 05 May 2021 at 13:37 UTC
Pulse Connect Secure zero-day stars in critical patch batch 04 May 2021 at 15:33 UTC
XSS in the wild: JavaScript-stuffed orders used to compromise Japanese e-commerce sites 04 May 2021 at 14:20 UTC
PHP package manager flaw left millions of web apps open to abuse 03 May 2021 at 14:02 UTC