Archive - March 2022

Spring4Shell: Spring users face new, zero-day vulnerability 31 March 2022 at 14:28 UTC
Critical SQL injection flaw fixed in Rapid7’s Nexpose vulnerability scanner 31 March 2022 at 12:38 UTC
US healthcare data breach impacts 85,000 law enforcement officers 31 March 2022 at 10:46 UTC
Spring Cloud framework commits patch for code injection flaw 30 March 2022 at 16:30 UTC
SQL injection protections in ImpressCMS could be bypassed to achieve RCE 30 March 2022 at 15:07 UTC
‘Dangerous’ EU web authentication plan threatens to undercut browser-led certification system, detractors claim 30 March 2022 at 14:15 UTC
Network cavity blamed for data breach at Japanese candy maker Morinaga 29 March 2022 at 15:27 UTC
HTML parser bug triggers Chromium XSS security flaw 29 March 2022 at 13:10 UTC
Ukrainian ISP used by military disrupted by ‘powerful’ cyber-attack 29 March 2022 at 10:33 UTC
Attackers getting faster at latching onto unpatched vulnerabilities for stealth hacking campaigns – report 28 March 2022 at 16:00 UTC
ENISA urges data-handling innovation amid growing tide of healthcare breaches 28 March 2022 at 15:11 UTC
FCC adds Kaspersky products to list of national security threats as Russian invasion of Ukraine continues 28 March 2022 at 14:02 UTC
Four Russian government employees charged over hacking campaigns on critical infrastructure 25 March 2022 at 14:39 UTC
Washington residents’ medical data exposed by phishing attack on Spokane Regional Health District 25 March 2022 at 14:21 UTC
HTTP request smuggling bug patched in mitmproxy 25 March 2022 at 11:58 UTC
Microweber developers resolve XSS vulnerability in CMS software 24 March 2022 at 15:29 UTC
FBI Most Wanted Russian national accused of running dark web marketplace 24 March 2022 at 13:50 UTC
Flash loan attack on One Ring protocol nets crypto-thief $1.4 million 24 March 2022 at 11:53 UTC
Sophos fixes SQL injection vulnerability in UTM appliance 23 March 2022 at 14:50 UTC
US and Canada reinstate cybercrime forum to prevent Russian cyber-attacks 23 March 2022 at 13:57 UTC
Okta investigates LAPSUS$ gang’s compromise claims 22 March 2022 at 17:17 UTC
Scottish mental health charity disrupted by ‘sophisticated’ cyber-attack 22 March 2022 at 15:50 UTC
‘Browser in a browser’: Phishing technique simulates pop-ups to exploit users 22 March 2022 at 13:50 UTC
NPM maintainer targets Russian users with data-wiping ‘protestware’ 21 March 2022 at 17:07 UTC
Rust patches sneaky ReDoS bug 21 March 2022 at 13:12 UTC
Workaround offered for unpatched HTML-to-PDF rendering vulnerability 18 March 2022 at 14:55 UTC
Apple Safari empowers developers to mitigate web flaws with WebKit CSP enhancements 18 March 2022 at 11:53 UTC
Downdetector: How the popular site outage tracker is helping to improve web security 17 March 2022 at 15:00 UTC
‘Fox guarding the henhouse’ – Founder of cyber-fraud prevention company pleads guilty to defrauding investors 17 March 2022 at 12:09 UTC
Unpatched plugins threaten millions of WordPress websites 16 March 2022 at 16:20 UTC
HackerOne lifts ‘sanctions’ against Ukrainian hackers 16 March 2022 at 14:39 UTC
OpenSSL drops update addressing ‘high severity’ denial of service issue in ubiquitous encryption library 16 March 2022 at 10:22 UTC
Node.js security: Parse Server remote code execution vulnerability resolved 15 March 2022 at 15:11 UTC
Israeli government websites temporarily knocked offline by ‘massive’ cyber-attack 15 March 2022 at 11:55 UTC
Prison service for England and Wales recorded more than 2,000 data breaches over 12 months 14 March 2022 at 16:01 UTC
Data breach at US heart disease treatment center impacts 287,000 individuals 14 March 2022 at 14:55 UTC
‘Cybersecurity incident’ at Ubisoft disrupts operations, forces company-wide password reset 14 March 2022 at 13:46 UTC
Stats widget hacked in attempt to breach Russian government agency websites 11 March 2022 at 16:06 UTC
UK ferry operator Wightlink flags potential data breach after ‘highly sophisticated’ cyber-attack 11 March 2022 at 13:56 UTC
Microsoft praised for quickly resolving Azure Automation cloud security vulnerability 11 March 2022 at 11:52 UTC
RagnarLocker ransomware struck 52 critical infrastructure entities within two years – FBI 10 March 2022 at 15:40 UTC
1Password increases bug bounty reward to $1 million 10 March 2022 at 14:45 UTC
Middleboxes now being used for DDoS attacks in the wild, Akamai finds 10 March 2022 at 12:22 UTC
Exploit chain allows security researchers to compromise Pascom phone systems 09 March 2022 at 17:52 UTC
Critical Axeda vulnerabilities pose takeover risk to hundreds of IoT devices 09 March 2022 at 15:35 UTC
Government agencies in Ukraine targeted in cyber-attacks deploying MicroBackdoor malware 09 March 2022 at 13:46 UTC
Electronics retailer Adafruit apologises after training data containing real customer info leaks onto GitHub 08 March 2022 at 17:32 UTC
Aspiring women in infosec need role models and collective strength, industry panel hears 08 March 2022 at 16:24 UTC
SQL injection vulnerability in e-learning platform Moodle could enable database takeover 08 March 2022 at 14:36 UTC
Concerns raised over bug disclosure program aimed at tackling Russia’s ‘propaganda machine’ 08 March 2022 at 14:07 UTC
Fresh flaws in Facebook Canvas earn bug bounty hunter a second payday 07 March 2022 at 17:00 UTC
Utah privacy bill places tighter controls on consumer data 07 March 2022 at 14:37 UTC
Japanese beauty retailer Acro blames third-party hack for breach of 100k payment cards 04 March 2022 at 15:57 UTC
RCE vulnerability in Dynamicweb enterprise software could allow server compromise 04 March 2022 at 13:40 UTC
Equifax data breach: Consumers unlikely to benefit financially from final settlement 04 March 2022 at 11:52 UTC
Google WAF bypassed via oversized POST requests 03 March 2022 at 18:12 UTC
Nvidia hackers allegedly attempting to blackmail company into open-sourcing GPU drivers 03 March 2022 at 16:05 UTC
We’re ‘firefighters’ for victims of armed conflict – Hackers Without Borders co-founder on NGO’s timely arrival 03 March 2022 at 12:52 UTC
Ukraine invasion: WordPress-hosted university websites hacked in ‘targeted attacks’ 02 March 2022 at 14:48 UTC
Remote code execution vulnerability uncovered in Hashnode blogging platform 02 March 2022 at 11:56 UTC
Toyota shuts down production after ‘cyber-attack’ on supplier 01 March 2022 at 16:02 UTC
Private chat? Chrome Skype extension with 9m installs found to be leaking user info 01 March 2022 at 14:58 UTC
Critical GitLab vulnerability could allow attackers to steal runner registration tokens 01 March 2022 at 13:38 UTC