Archive - June 2021

Pandora monitoring system pwned by chained vulnerability exploit
30 June 2021 at 15:35 UTC

Bug Bounty Radar // The latest bug bounty programs for July 2021
30 June 2021 at 14:26 UTC

Microsoft Edge Translator contained uXSS flaw exploitable ‘on any web page’
30 June 2021 at 11:28 UTC

Multiple vulnerabilities in WordPress plugin pose website remote code execution risk
29 June 2021 at 14:53 UTC

Many Hats Club founder announces closure – spelling end for podcast, conference, Discord community
29 June 2021 at 13:09 UTC

Call my bluff: NewsBlur RSS software devs offer glimpse into bungled ‘cyber-attack’
29 June 2021 at 11:25 UTC

Binance reveals how data analytics led to ransomware-linked money laundering bust
28 June 2021 at 16:00 UTC

‘Sophisticated threat actor’ targeting Zyxel firewalls and VPNs, vendor warns
28 June 2021 at 13:30 UTC

Security training org EC-Council pulls blog over copyright violations, promises editorial improvements
28 June 2021 at 11:20 UTC

Mercedes-Benz USA admits some customers’ credit card details, driver’s license numbers were accessible for 3.5 years
25 June 2021 at 16:02 UTC

Instagram vulnerability nets researcher $30k after exposing users’ private content
25 June 2021 at 14:19 UTC

Ukrainian man sentenced to prison for his part in billion-dollar FIN7 cybercrime campaign
25 June 2021 at 11:07 UTC

Security organizations join forces with EFF to lobby for DMCA reform
24 June 2021 at 16:45 UTC

‘LEXSS’ injection: How to bypass lexical parsers by abusing HTML parsing logic
24 June 2021 at 15:29 UTC

West Virginia job seekers alerted to gov’t employment agency data breach
24 June 2021 at 13:38 UTC

Misconfigurations in most Active Directory environments create serious security holes, researchers find
23 June 2021 at 16:56 UTC

EU pushes plans for Joint Cyber Unit in fight against increased cyber-attacks
23 June 2021 at 15:58 UTC

Data breach at US eye clinic impacting 500,000 patients potentially exposed private medical information
23 June 2021 at 14:03 UTC

Zero-day vulnerabilities in Pling leave Linux marketplaces open to RCE, supply chain attacks
23 June 2021 at 11:51 UTC

European Commission to hold ‘hackathon’ in bid to secure data sharing across EU
22 June 2021 at 15:44 UTC

Asia-Pacific internet registry APNIC says WHOIS admin passwords were mistakenly exposed for three months
22 June 2021 at 14:39 UTC

Zero-encryption zero-day – Android fitness app caught sending data in clear text
22 June 2021 at 13:33 UTC

Intent redirection vulnerabilities in popular Android apps spotlight danger of dynamic code loading, warn researchers
21 June 2021 at 15:17 UTC

CSP bypass: How one Chrome XSS bug took 2.5 years and an HTML spec change to fix
21 June 2021 at 12:55 UTC

US supermarket chain Wegmans suffers data breach due to ‘misconfigured’ databases
21 June 2021 at 11:57 UTC

NIST charts course towards more secure supply chains for government software
18 June 2021 at 15:00 UTC

Healthcare vendor Zoll patches high-risk vulnerabilities in defibrillator management software
18 June 2021 at 14:10 UTC

XSS flaw in Wire messaging app allowed attackers to ‘fully control’ user accounts
18 June 2021 at 11:46 UTC

GitLab fixes serious SSRF flaw that exposed orgs’ internal servers
17 June 2021 at 15:03 UTC

Google abandons plans to simplify URLs in Chrome following real-world testing
17 June 2021 at 13:37 UTC

UK legal firm Gateley warns of data breach following cyber-attack
17 June 2021 at 10:17 UTC

US man accused of 2010 DDoS attack on Santa Cruz government arrested
16 June 2021 at 15:10 UTC

Google open-sources tools to bring fully homomorphic encryption into the mainstream
16 June 2021 at 13:46 UTC

Hacker community jumps on hilarious Twitter meme mocking bad infosec advice from CISOs
16 June 2021 at 12:35 UTC

Vulnerability in Microsoft Teams granted attackers access to emails, messages, and personal files
15 June 2021 at 16:04 UTC

US Computer Fraud and Abuse Act: What the ‘landmark’ Van Buren ruling means for security researchers
15 June 2021 at 14:42 UTC

Thousands of VMWare vCenter Server instances still unpatched against critical flaws three weeks post-disclosure
15 June 2021 at 13:52 UTC

Security researcher turns Apache Airflow into bug bounty cash cow
14 June 2021 at 15:55 UTC

Asian e-commerce giant Lazada launches first public bug bounty program
14 June 2021 at 13:45 UTC

Android screen lock protection thwarted by Facebook Messenger Rooms exploit
14 June 2021 at 12:40 UTC

Cybersecurity for charities: How to protect your non-profit from cyber-attacks
11 June 2021 at 15:20 UTC

CD Projekt Red: Games developer releases more details about cyber-attack that exposed private data
11 June 2021 at 14:17 UTC

SIP protocol abused to trigger XSS attacks via VoIP call monitoring software
11 June 2021 at 12:10 UTC

Al Jazeera repels cyber-attacks that sought to disrupt media network
10 June 2021 at 14:39 UTC

CVE board slams Distributed Weakness Filing project for publishing ‘unauthorized’ CVE records
10 June 2021 at 13:55 UTC

IoT security: Researchers discover Stem Audio smart speaker eavesdropping risk
10 June 2021 at 11:25 UTC

Google Chrome Web Store is ranking suspicious web extensions above popular plugins
09 June 2021 at 15:33 UTC

Colonial Pipeline cyber-attack: US authorities seize $2.3m in DarkSide ransomware payments
09 June 2021 at 13:39 UTC

‘Being serious about security is a must’ – Apache Software Foundation custodians on fulfilling its founding mission
08 June 2021 at 15:58 UTC

Dual vulnerability combo in popular CMS Joomla could lead to ‘full system compromise’
08 June 2021 at 14:43 UTC

US government launches first VDP for federal civilian agencies
08 June 2021 at 12:41 UTC

GitHub changes policy to welcome security researchers
07 June 2021 at 15:55 UTC

Critical zero-day vulnerabilities found in ‘unsupported’ Fedena school management software
07 June 2021 at 13:12 UTC

Security vulnerability in Hyperkitty could expose private data
07 June 2021 at 10:50 UTC

Microsoft debuts Automatic HTTPS for Edge in secure browsing upgrade
04 June 2021 at 16:02 UTC

Korenix patches multiple critical vulnerabilities in networking devices
04 June 2021 at 11:22 UTC

Get the message: Organizations without vulnerability disclosure policies failing to address researchers’ security warnings
03 June 2021 at 15:37 UTC

Akamai offers post-mortem on recently resolved authentication platform vulnerability
03 June 2021 at 13:28 UTC

US court offers clarity on evaluating ‘future risk’ injuries in data breach class action litigation
03 June 2021 at 11:41 UTC

Spear-phishing campaign linked to SolarWinds attackers halted following domain seizure
02 June 2021 at 14:40 UTC

Ransomware attack on world’s biggest meat supplier JBS ‘came from Russia’
02 June 2021 at 13:25 UTC

Apache Pulsar bug allowed account takeovers in certain configurations
02 June 2021 at 11:43 UTC

Gaming mod development platform Overwolf fixes bug that could allow RCE via chained exploit
01 June 2021 at 15:27 UTC

Bug Bounty Radar // The latest bug bounty programs for June 2021
01 June 2021 at 14:14 UTC

EPUB vulnerabilities: Electronic reading systems riddled with browser-like flaws
01 June 2021 at 11:30 UTC