Archive - July 2021

Bug Bounty Radar // The latest bug bounty programs for August 2021 (30 July 2021 at 15:42 UTC)
Dropbox researchers develop tool to detect lateral movement attacks against enterprise networks (30 July 2021 at 15:01 UTC)
Aaron Portnoy – ‘There’s no silver bullet for ransomware or supply chain attacks’ (30 July 2021 at 12:30 UTC)
Entertainment tech provider D-Box recovering from ransomware attack (29 July 2021 at 16:30 UTC)
Arrests made over European ATM ‘jackpotting’ spree (29 July 2021 at 14:04 UTC)
Finders, cheaters: RCE bug in Moodle e-learning platform could be abused to steal data, manipulate results (29 July 2021 at 11:49 UTC)
DDoS attacks recede in Q2 as cryptocurrency price drops (28 July 2021 at 15:57 UTC)
Data breaches are costing more than ever, as organizations take longer to detect attacks, apply patches – report (28 July 2021 at 14:43 UTC)
UC San Diego Health discloses data breach after employee email accounts hijacked (28 July 2021 at 13:31 UTC)
Stray GitHub access token from Shopify earns novice bug bounty hunter $50k (27 July 2021 at 16:36 UTC)
US medical imaging center reports possible data breach after emails ‘accessed’ (27 July 2021 at 15:38 UTC)
Chained Zimbra flaws gave attackers unrestricted access to mail servers (27 July 2021 at 15:00 UTC)
Kaseya denies ransomware payment as it hails ‘100% effective’ decryption tool (27 July 2021 at 14:00 UTC)
No More Ransom celebrates success in helping 600k people recover from ransomware attacks (26 July 2021 at 16:03 UTC)
Security vulnerabilities in IDEMIA access control devices could allow attackers to ‘remotely open doors’ (26 July 2021 at 15:06 UTC)
Potential phishing scam averted following Irish coronavirus certificate website typo (26 July 2021 at 13:22 UTC)
Research roadblock: Security pros weigh in on China’s new vulnerability disclosure law (26 July 2021 at 12:10 UTC)
Interview: Patchstack’s Oliver Sild on securing WordPress, one plugin vulnerability at a time (23 July 2021 at 14:18 UTC)
UK National Lottery Community Fund data breach impacts grant applicants (23 July 2021 at 12:37 UTC)
Dozens of web apps vulnerable to DNS cache poisoning via ‘forgot password’ feature (23 July 2021 at 11:28 UTC)
Google supercharges Chrome’s phishing detection mechanism (22 July 2021 at 16:04 UTC)
Multiple encryption flaws uncovered in Telegram messaging protocol (22 July 2021 at 14:56 UTC)
Respect in Security: New infosec campaign aims to stamp out harassment (22 July 2021 at 13:15 UTC)
Loyalty management tech firm Antavo launches bug bounty program (22 July 2021 at 11:45 UTC)
Sensitive medical data of cancer patients at Jefferson Health potentially breached following third-party hack (21 July 2021 at 15:55 UTC)
cURL developers take a second shot at fixing information disclosure flaw (21 July 2021 at 14:41 UTC)
US DHS issues second directive for securing critical fuel supplies in wake of Colonial Pipeline attack (21 July 2021 at 12:47 UTC)
WordPress 5.8 update extends Site Health interface for developers (20 July 2021 at 15:40 UTC)
Update now: TIBCO Data Virtualization software vulnerable to RCE via third-party flaws, claims researcher (20 July 2021 at 14:58 UTC)
Snake oil Covid-19 treatment sites seized by US authorities (20 July 2021 at 14:18 UTC)
Chained vulnerabilities in Aruba Networks firmware allowed remote code execution on routers (20 July 2021 at 11:06 UTC)
US authorities are offering $10 million for information on nation-state cyber-attacks (19 July 2021 at 15:30 UTC)
Italian hosting firm Aruba.it defends data breach notification delay (19 July 2021 at 13:48 UTC)
Umbraco flags pending security patch for RCE vulnerability in forms package – updated (19 July 2021 at 12:03 UTC)
RCE vulnerability in Cloudflare CDN could have allowed complete compromise of websites (16 July 2021 at 14:09 UTC)
Schneider Electric fixes critical vulnerabilities in EVlink electric vehicle charging stations (16 July 2021 at 12:11 UTC)
Healthcare data breach: 2.4m records potentially exposed at Forefront Dermatology (15 July 2021 at 15:45 UTC)
AWS CloudFront API: Research reveals ‘leak’ of partial account IDs (15 July 2021 at 13:01 UTC)
Google to bolster Chrome privacy protections with HTTPS-First Mode (15 July 2021 at 12:16 UTC)
HTTP request smuggling vulnerability in Apache Tomcat ‘has been present since 2015’ (14 July 2021 at 16:52 UTC)
REvil infrastructure disappearance sparks speculation about fate of infamous ransomware slingers (14 July 2021 at 16:09 UTC)
DevSecAI: GitHub Copilot prone to writing security flaws (14 July 2021 at 13:49 UTC)
Critical vulnerabilities in open source text editor Etherpad could lead to remote takeover (14 July 2021 at 09:38 UTC)
Encryption issues account for minority of flaws in encryption libraries – research (13 July 2021 at 16:15 UTC)
Firefox becomes latest browser to support Fetch Metadata request headers (13 July 2021 at 13:55 UTC)
SolarWinds issues fix for RCE vulnerability in Serv-U products amid ‘targeted’ attacks (13 July 2021 at 12:24 UTC)
Research exposes vulnerabilities in IP camera firmware used by multiple vendors (12 July 2021 at 15:14 UTC)
Microsoft paid out $14m in bug bounty rewards in past 12 months – report (12 July 2021 at 14:00 UTC)
Eight arrests made as Eurojust dismantles €2 million e-commerce fraud operation (12 July 2021 at 12:29 UTC)
Flaw in preprocessor language Less.js causes website to leak AWS secret keys (09 July 2021 at 15:47 UTC)
China puts national security protection at the center of new data privacy law (09 July 2021 at 14:01 UTC)
Google checks rise of DOM XSS with Trusted Types (09 July 2021 at 12:35 UTC)
Fake crypto-mining Android apps net fraudsters $350k (08 July 2021 at 16:02 UTC)
Dell Wyse Management Suite subject to database exposure, session hijacking (08 July 2021 at 15:15 UTC)
Healthcare data breach: Cyber-attack at Mississippi’s Coastal Family Health Center leaked patient information (08 July 2021 at 14:16 UTC)
Kaspersky Password Manager lambasted for multiple cryptographic flaws (07 July 2021 at 16:19 UTC)
British Airways agrees to pay victims of record-breaking data breach (07 July 2021 at 13:16 UTC)
Filesec.io project catalogs malicious file extensions being used by attackers (07 July 2021 at 10:54 UTC)
Operation Lyrebird: Cybercops nab Moroccan phish-and-carding kingpin (06 July 2021 at 17:00 UTC)
Yearn Finance launches bug bounty program with payouts potentially reaching $200k (06 July 2021 at 15:25 UTC)
Data breach at third-party provider exposes medical information of US healthcare patients (06 July 2021 at 14:21 UTC)
REvil ransomware attackers demand $70m following Kaseya VSA supply chain attack (05 July 2021 at 16:13 UTC)
GitLab triages bug bounty-reported flaws with latest release (05 July 2021 at 14:31 UTC)
WAF bypass: ‘Severe’ OWASP ModSecurity Core Rule Set bug was present for several years (05 July 2021 at 12:31 UTC)
Firmware vulnerabilities in Netgear routers created network security risk (02 July 2021 at 16:30 UTC)
US Department of Homeland Security toasts success of warp-speed drive to diversify cybersecurity workforce (02 July 2021 at 15:22 UTC)
Russian hacking group APT28 ‘conducting brute-force attacks’ against organizations worldwide (02 July 2021 at 13:20 UTC)
Iranian cyber-threat groups make up for lack of technical sophistication with social engineering trickery (01 July 2021 at 15:02 UTC)
Researchers accidentally release exploit code for new Windows ‘zero-day’ bug PrintNightmare (01 July 2021 at 14:36 UTC)
Latest web hacking tools – Q3 2021 (01 July 2021 at 13:39 UTC)