Archive - January 2022

Bug Bounty Radar // The latest bug bounty programs for February 2022
31 January 2022 at 16:02 UTC

No smoke without fire? ‘Critical’ Loguru security flaw turns out to be non-issue
31 January 2022 at 14:45 UTC

Vulnerability in PostBus public transport platform exposed customer data
31 January 2022 at 12:27 UTC

US government’s ‘zero trust’ roadmap calls time on perimeter-based paradigm
28 January 2022 at 15:38 UTC

Xerox belatedly addresses web-based printer bricking threat
28 January 2022 at 14:15 UTC

Privacy slalom: Human rights, media orgs offer OPSEC warning to Winter Olympics attendees
28 January 2022 at 11:40 UTC

Apple pays out $100k bounty for Safari webcam hack that imperiled victims’ online accounts
27 January 2022 at 15:48 UTC

Solarwinds fixes code execution bug in enterprise helpdesk software
27 January 2022 at 14:28 UTC

DeepDotWeb administrator gets eight-year stretch in US prison for money laundering
27 January 2022 at 13:52 UTC

Fantasy Premier League account hack surge prompts plans to introduce extra login checks for football fans
26 January 2022 at 16:52 UTC

US healthcare company EyeMed reaches settlement following 2020 data breach
26 January 2022 at 14:59 UTC

Android security tool APKLeaks patches critical vulnerability
26 January 2022 at 14:05 UTC

Tor Project heads to Russian court to appeal against censorship
26 January 2022 at 11:54 UTC

PrinterLogic vendor addresses triple RCE threat against all connected endpoints
25 January 2022 at 15:09 UTC

California public office admits Covid-19 healthcare data breach
25 January 2022 at 13:39 UTC

Triple-digit threshold: Browser makers offer compatibility testing tools as version 100 approaches
25 January 2022 at 12:12 UTC

F5 fixes high-risk NGINX Controller vulnerability in January patch rollout
24 January 2022 at 16:56 UTC

RCE bug chain patched in Control Web Panel
24 January 2022 at 15:30 UTC

OpenSubtitles data breach: Users asked to re-secure accounts after plaintext password snafu
24 January 2022 at 14:29 UTC

Chain of vulnerabilities led to RCE on Cisco Prime servers
24 January 2022 at 13:05 UTC

European Commission launches new open source software bug bounty program
21 January 2022 at 16:00 UTC

Was COMELEC hacked? Philippines Commission on Elections casts doubt on data breach claims
21 January 2022 at 14:51 UTC

Open debug mode in Cisco mobile networking software created critical security hole
21 January 2022 at 13:45 UTC

BitLocker encryption: Clear text key storage prompts security debate online
21 January 2022 at 11:56 UTC

White House orders federal agencies to raise cybersecurity bar for national security systems
20 January 2022 at 15:24 UTC

Red Cross suffers cyber-attack – data of 515,000 ‘highly vulnerable’ people exposed
20 January 2022 at 14:05 UTC

Eleven prolific BEC scam suspects arrested in Nigeria
20 January 2022 at 11:55 UTC

GitHub Actions flaw that allowed code to be approved without review is addressed with new feature rollout
19 January 2022 at 16:30 UTC

Security vulnerabilities in Umbraco CMS could lead to account takeover
19 January 2022 at 14:10 UTC

ThePhish: ‘the most complete’ non-commercial phishing email analysis tool
19 January 2022 at 12:46 UTC

Chrome to bolster CSRF protections with CORS preflight checks on private network requests
18 January 2022 at 15:35 UTC

Researchers discover ‘extremely easy’ 2FA bypass in Box cloud management software
18 January 2022 at 14:01 UTC

SSRF vulnerability in VMWare authentication software could allow access to user data
18 January 2022 at 13:30 UTC

VPNLab takedown: Authorities dismantle secure communication tool favored by cybercriminals
18 January 2022 at 10:48 UTC

Celebrations over REvil ransomware arrests in Russia may be premature
17 January 2022 at 17:21 UTC

Same-origin violation vulnerability in Safari 15 could leak a user’s website history and identity
17 January 2022 at 16:34 UTC

White House tackles ‘unique security challenges’ faced by open source ecosystem during dedicated virtual summit
17 January 2022 at 15:02 UTC

Introducing vAPI – an open source lab environment to learn about API security
17 January 2022 at 11:55 UTC

Researcher discloses alleged zero-day vulnerabilities in NUUO NVRmini2 recording device
14 January 2022 at 16:30 UTC

Apache Software Foundation warns its patching efforts are being undercut by use of end-of-life software
14 January 2022 at 15:01 UTC

GitLab shifts left to patch high-impact vulnerabilities
13 January 2022 at 16:41 UTC

Generation cyber: How diversity and ageism can impact the IT workforce
13 January 2022 at 14:50 UTC

Bug Alert launched to provide early warning system for super-critical vulnerabilities
13 January 2022 at 12:03 UTC

Cybersecurity conferences 2022: A rundown of online, in person, and ‘hybrid’ events
12 January 2022 at 16:30 UTC

Patch Tuesday: Web security issues in the spotlight in Microsoft’s bumper January update
12 January 2022 at 15:20 UTC

Firefox fixes fullscreen notification bypass bug that could have led to convincing phishing campaigns
12 January 2022 at 14:11 UTC

Moodle e-learning platform patches session hijack bug that led to pre-auth RCE
12 January 2022 at 12:32 UTC

Growing cyber threats listed among greatest global risks in annual World Economic Forum report
11 January 2022 at 16:30 UTC

VMware Horizon under attack as China-based ransomware group targets Log4j vulnerability
11 January 2022 at 15:21 UTC

Multiple Node.js vulnerabilities fixed in flurry of new releases
11 January 2022 at 14:15 UTC

IP spoofing bug leaves Django REST applications open to DDoS, password-cracking attacks
11 January 2022 at 12:21 UTC

Report: DDoS attacks increasing year on year as cybercriminals demand extortionate payouts
10 January 2022 at 16:06 UTC

City of Grass Valley, California, suffers data breach – employee and citizen information exposed
10 January 2022 at 14:39 UTC

The blame game: EU criticized for ‘fragmented and slow’ approach to cyber-attack attribution
10 January 2022 at 12:44 UTC

Researchers discover Log4j-like flaw in H2 database console
07 January 2022 at 16:10 UTC

Latest WordPress security release fixes XSS, SQL injection bugs
07 January 2022 at 15:14 UTC

Internet Bug Bounty: High severity vulnerability in Apache HTTP Server could lead to RCE
07 January 2022 at 14:15 UTC

Java RMI services often vulnerable to SSRF attacks – research
06 January 2022 at 15:45 UTC

New York Attorney General flags 1.1 million online accounts compromised by credential stuffing attacks
06 January 2022 at 14:34 UTC

Kazakhstan government shuts down internet following country-wide protests
06 January 2022 at 13:07 UTC

Insecure Amazon S3 bucket exposed personal data on 500,000 Ghanaian graduates
06 January 2022 at 10:58 UTC

Prosecutors file additional charges against former Uber security chief over 2016 data breach ‘cover up’
05 January 2022 at 17:10 UTC

Web skimming attacks on hundreds of real estate websites deployed via cloud video hosting service
05 January 2022 at 14:56 UTC

Indian academic bookseller Oswaal Books fixes alleged RCE and other serious vulnerabilities with Shopify relaunch
05 January 2022 at 13:52 UTC

US retailer PulseTV warns of apparent credit card data breach
04 January 2022 at 16:15 UTC

Latest web hacking tools – Q1 2022
04 January 2022 at 14:53 UTC

Researcher discovers 70 web cache poisoning vulnerabilities, nets $40k in bug bounty rewards
04 January 2022 at 12:01 UTC