Secure development: New and improved Linux Random Number Generator ready for testing
Proposed replacement for /dev/random promises to double performance and add flexibility [...]
Showing only posts by The Daily Swig. Show all posts.
Vulnerabilities in NPM allowed threat actors to publish new version of any package
Details of flaws were made public this week [...]
Belarusian hackers claim to have accessed full database of those crossing the country’s borders
‘Belarus Cyber-Partisans’ say they gained access to all entries in and out of the country over the past 15 years [...]
Exploit-as-a-service: Cybercriminals exploring potential of leasing out zero-day vulnerabilities
New approach echoes the depressingly successful ransomware-as-a-service business model [...]
Number of cyber-attacks infiltrating critical New Zealand networks soars
National cybersecurity agency also observes rise in automated probing for web security flaws [...]
Server-side vulnerabilities in Concrete CMS put thousands of websites under threat
Web admins urged to apply patches now [...]
HTTP header smuggling attack against AWS API Gateway exposes systems to cache poisoning
New hacking technique may pave the way for other serious attacks [...]
Microsoft fixes reflected XSS in Exchange Server
Researchers’ bid to reproduce ProxyShell yields something entirely new [...]
Vulnerability in FBI email infrastructure allowed malicious actor to send false cyber-attack warnings to thousands
Security issue saw fake emails sent from legitimate agency accounts [...]
Removing need to unlock mobile wallets for contactless payments has eroded security protections, researchers warn
Mind the gap [...]
HTML smuggling: Fresh attack technique increasingly being used to target banking sector
Evasive malware is being spread via email in campaigns similar to those of nation-state actors [...]
HTML smuggling: Fresh attack technique is being used to increasingly target banking sector
Evasive malware is being spread via email in campaigns similar to those of nation-state actors [...]
Alan Paller: Infosec world pays homage after SANS founder and infosec luminary dies
‘His vision has changed the lives of hundreds of thousands of security practitioners’ [...]
Driftwood debuts: New open source tool hunts for leaked public-private key pairs
The tool will help security professionals find compromised TLS keys and sensitive keys tied to GitHub accounts [...]
GoCD bug chain provides second springboard for supply chain attacks
Follow-up to recent GoCD disclosure provides additional path to infiltrating build environments [...]
Zero tolerance: How infosec’s online ‘cancel culture’ is stunting industry growth
Fear of Twitter fallout is stopping vital information from being shared Social media backlash and online squabbling is stopping the information security industry from learning from its mistakes, Black [...]
Palo Alto GlobalProtect users urged to patch against critical vulnerability
Details withheld about dangerous threat as orgs given one-month patching window [...]
Dependency Combobulator offers defense against namespace confusion attacks
Toolkit ‘tackles common scenarios’ and can evolve to detect emerging attack variants [...]
‘Add yourself as super admin’ – Researcher details easy-to-exploit bug that exposed GSuite accounts to full takeover
Technical details of long-since patched Google cloud software vulnerability released [...]
Smuggling hidden backdoors into JavaScript with homoglyphs and invisible Unicode characters
Researchers urge developers to secure code by disallowing non-ASCII characters [...]
Black Hat Europe: Laws and regulations need to change to secure world’s digital infrastructure
Better incentives to build secure products needed, former MEP tells conference [...]
Apache Storm maintainers patch two pre-auth RCE vulnerabilities
High-risk issues were discovered by GitHub’s in-house security team [...]
bZx crypto heist results in reported losses of more than $55 million
BSC and Polygon funds drained – but Ethereum contracts ‘safe’ – following phishing attack [...]
Security breach at trading platform Robinhood sparks phishing fears
Social engineering attack exposes email addresses of five million investors [...]
Two men charged with deploying REvil ransomware attacks, targeting US government and businesses
Individuals face up to 145 years in prison if convicted [...]
« newer articles | page 29 | older articles »