Archive - August 2021

Bug Bounty Radar // The latest bug bounty programs for September 2021 (31 August 2021 at 16:19 UTC)
Microsoft Exchange Server had ‘ProxyToken’ vulnerability that leaked incoming emails (31 August 2021 at 14:07 UTC)
Deserialization bug in TensorFlow machine learning framework allowed arbitrary code execution (31 August 2021 at 11:05 UTC)
Microsoft warns of critical Azure Cloud vulnerability impacting Cosmos DB accounts (27 August 2021 at 15:30 UTC)
Annke network video recorder vulnerability could see attackers seize control of security cameras (27 August 2021 at 14:02 UTC)
Ransomware attack at Singapore eye clinic potentially breaches 73,000 patients’ data (27 August 2021 at 13:00 UTC)
Cybercrime triathlete jailed for 11 years over trio of online scams (26 August 2021 at 18:00 UTC)
‘Trilateration’ vulnerability in dating app Bumble leaked users’ exact location (26 August 2021 at 15:58 UTC)
Breach at Deep South allergy clinic group exposed the health info of estimated 9,800 patients (26 August 2021 at 13:50 UTC)
UK firm accused of bullying small businesses with CSP patent infringement letters backtracks (25 August 2021 at 16:10 UTC)
Citrix quietly restores vulnerability credits to Positive Technologies researchers after Russian infosec firm’s erasure (25 August 2021 at 14:17 UTC)
Rampant misconfigurations in Microsoft Power Apps exposed 38 million records (24 August 2021 at 16:32 UTC)
US and Singapore sign agreement to bolster cybersecurity across government agencies (24 August 2021 at 15:43 UTC)
Founder of bitcoin money laundering service admits $300 million racket (23 August 2021 at 16:16 UTC)
Critical vulnerabilities in web file manager elFinder leave servers susceptible to takeover (23 August 2021 at 14:22 UTC)
Mozi malware modified to present a more potent threat to industrial control systems (20 August 2021 at 15:00 UTC)
US healthcare org sends data breach warning to 1.4m patients following ransomware attack (19 August 2021 at 14:38 UTC)
Good education: Cyber awareness initiative aims to close infosec workforce gap with free school curriculum (19 August 2021 at 12:53 UTC)
Whistleblowing security researchers deny ‘inappropriate access’ to Indiana Covid-19 survey data (18 August 2021 at 15:22 UTC)
Fortinet WAF vulnerable to command injection attacks, researchers find (18 August 2021 at 11:28 UTC)
XSS vulnerability in popular WordPress plugin SEOPress could enable complete site takeover (17 August 2021 at 15:10 UTC)
Audiomack music streaming platform launches public bug bounty (17 August 2021 at 14:16 UTC)
Florida woman ‘damaged computers, deleted crucial business data’ after she was fired (17 August 2021 at 12:08 UTC)
Nation-state threat: How DDoS-over-TCP technique could amplify attacks (16 August 2021 at 16:22 UTC)
Realtek SDK vulnerabilities impact dozens of downstream IoT vendors (16 August 2021 at 14:24 UTC)
Data breach at New York university potentially affects 47,000 citizens (16 August 2021 at 12:54 UTC)
Fight or flight: How one of the UK’s busiest airports defends against cyber-attacks (13 August 2021 at 18:06 UTC)
Steam security: Valve promptly resolves ‘unlimited funds’ gaming wallet cheat (13 August 2021 at 15:06 UTC)
‘Unpatched’ vulnerabilities in Wodify fitness management platform allow attackers to steal gym payments, extract member data (13 August 2021 at 12:00 UTC)
Research: Hundreds of high-traffic web domains vulnerable to same-site attacks (12 August 2021 at 15:10 UTC)
Exhaustive study puts China’s infamous Great Firewall under the microscope (12 August 2021 at 14:13 UTC)
Node.js developers fix high-risk vulnerability that could allow remote domain hijacking (12 August 2021 at 13:09 UTC)
Data breach at US waste management firm exposes employees’ healthcare details (12 August 2021 at 11:10 UTC)
Apple drops controversial lawsuit against Corellium (11 August 2021 at 16:34 UTC)
International cybercrime gang charged with Covid-19 business email compromise fraud (11 August 2021 at 14:08 UTC)
Web hosting platform cPanel & WHM is vulnerable to authenticated RCE and privilege escalation (11 August 2021 at 10:58 UTC)
Firefox 91 features HTTPS by default in private browsing mode (10 August 2021 at 15:02 UTC)
Data of three million elderly citizens exposed in cloud security oversight (10 August 2021 at 11:25 UTC)
Top Hacks from Black Hat and DEF CON 2021 (09 August 2021 at 17:04 UTC)
Singaporean telco StarHub discloses data leak affecting 57,000 customers (09 August 2021 at 15:47 UTC)
The Ripple Effect: How increasing the number of women in the infosec can result in a happier workplace (09 August 2021 at 14:24 UTC)
‘A whole new attack surface’ – Researcher Orange Tsai documents ProxyLogon exploits against Microsoft Exchange Server (06 August 2021 at 15:48 UTC)
Black Hat USA: Downgrade attack against Let’s Encrypt lowers the bar for printing fraudulent SSL certificates (06 August 2021 at 14:51 UTC)
Dispute erupts between Chaos Computer Club and Germany’s CDU after activist finds alarming data leak (06 August 2021 at 13:52 UTC)
Enfilade: Open source tool flags ransomware and bot infections in MongoDB instances (06 August 2021 at 13:08 UTC)
Writers’ block? Tools that simplify the report-writing process allow security researchers to ‘focus on the fun part’ (06 August 2021 at 12:24 UTC)
Bow to the USBsamurai: Malicious USB cable leaves air-gapped networks open to attack (06 August 2021 at 11:43 UTC)
Black Hat USA: HTTP/2 flaws expose organizations to fresh wave of request smuggling attacks (05 August 2021 at 21:30 UTC)
Black Hat USA 2021: Lessons to learn from the aviation sector after Biden mandates cyber-attack investigatory body (05 August 2021 at 16:47 UTC)
Black Hat Briefings: Hosted DNS configuration flaws risk leaking corporate network topologies (05 August 2021 at 15:43 UTC)
Black Hat USA: Credential leak detection tool Scrapesy aims to reduce incident response times (05 August 2021 at 13:26 UTC)
Pakistan government approves new cybersecurity policy, cybercrime agency (05 August 2021 at 10:33 UTC)
Black Hat 2021: WARCannon simplifies web-wide vulnerability research (04 August 2021 at 20:04 UTC)
Black Hat 2021: Zero-days, ransoms, supply chains, oh my! (04 August 2021 at 19:06 UTC)
Decade-long vulnerability in multiple routers could allow network compromise (04 August 2021 at 15:53 UTC)
Vulnerability in dating site OkCupid could be used to trick users into ‘liking’ or messaging other profiles (04 August 2021 at 14:13 UTC)
Security researcher finds dangerous bug in Chromium, nabs $15,000 bounty (03 August 2021 at 16:30 UTC)
Four-fold increase in software supply chain attacks predicted in 2021 – report (03 August 2021 at 15:10 UTC)
Data breach class actions: US Supreme Court decision may tilt the odds in favor of defendant organizations (03 August 2021 at 11:56 UTC)
Critical flaws in TransLogic Pneumatic Tube System could see attackers sabotage hospital operations (02 August 2021 at 14:34 UTC)
UK universities awarded funding for research into IoT, smart home security (02 August 2021 at 10:58 UTC)