Chained vulnerabilities in Aruba Networks firmware allowed remote code execution on routers
Office pen test leads to discovery of multiple bugs in enterprise networking kit [...]
Showing only posts by The Daily Swig. Show all posts.
US authorities are offering $10 million for information on nation-state cyber-attacks
Sum may be awarded in cryptocurrency to help protect whistleblowers’ anonymity [...]
Italian hosting firm Aruba.it defends data breach notification delay
‘Catenaccio’ defenses breached by CMS hack [...]
Umbraco flags pending security patch for RCE vulnerability in forms package
‘No indication that this vulnerability is being exploited in the wild’ [...]
Umbraco flags pending security patch for RCE vulnerability in forms package – updated
‘No indication that this vulnerability is being exploited in the wild’ [...]
RCE vulnerability in Cloudflare CDN could have allowed complete compromise of websites
Issue has now been patched [...]
Schneider Electric fixes critical vulnerabilities in EVlink electric vehicle charging stations
Security flaws could allow an attacker to receive free vehicle charges, or lock up the charging station completely [...]
Healthcare data breach: 2.4m records potentially exposed at Forefront Dermatology
Wisconsin-based organization says unauthorized intrusion impacts staff, patient info [...]
AWS CloudFront API: Research reveals ‘leak’ of partial account IDs
Issue is ‘a design feature, not a bug’ [...]
Google to bolster Chrome privacy protections with HTTPS-First Mode
New browser feature will enforce connections over the encrypted web protocol [...]
HTTP request smuggling vulnerability in Apache Tomcat ‘has been present since 2015’
Open source web container now patched against six-year-old bug [...]
REvil infrastructure disappearance sparks speculation about fate of infamous ransomware slingers
Resident REvil Websites associated with REvil – the infamous ransomware group blamed for attacks on Kaseya, Travelex, and meat supplier JBS – have dropped offline, sparking feverish speculation in the [...]
DevSecAI: GitHub Copilot prone to writing security flaws
AI pair programmer should be supervised like a toddler, says researcher [...]
Critical vulnerabilities in open source text editor Etherpad could lead to remote takeover
XSS bug in open source program has now been patched, though second flaw remains [...]
Encryption issues account for minority of flaws in encryption libraries – research
‘Complexity is an even worse enemy of security in cryptographic software’ [...]
Firefox becomes latest browser to support Fetch Metadata request headers
Extra layer of security helps protect against CSRF and XS-Leak attacks [...]
SolarWinds issues fix for RCE vulnerability in Serv-U products amid ‘targeted’ attacks
Enterprise IT software vendor unsure of scope of impact SolarWinds has patched a remote code execution (RCE) vulnerability in its Serv-U file transfer products after Microsoft observed exploitation ag [...]
Research exposes vulnerabilities in IP camera firmware used by multiple vendors
Flawed UDP code bundled in CCTV devices from Geutebrück, VCA, and Sprinx Technologies [...]
Microsoft paid out $14m in bug bounty rewards in past 12 months – report
Security researchers received an average of $10k per report [...]
Eight arrests made as Eurojust dismantles €2 million e-commerce fraud operation
Phishing victims thought they were buying goods and services via Amazon, eBay, and Airbnb Romanian and Greek police have arrested eight members of an organized crime group that defrauded online shoppe [...]
Flaw in preprocessor language Less.js causes website to leak AWS secret keys
Issues in plugin feature can leave users at risk [...]
China puts national security protection at the center of new data privacy law
Broad and vague definition of sensitive information worries lawyers [...]
Google checks rise of DOM XSS with Trusted Types
Internal deployment has nullified elusive, complex threat since 2019 [...]
Fake crypto-mining Android apps net fraudsters $350k
Apps – many still available on third-party stores – ‘collect money for services that don’t exist’ [...]
Dell Wyse Management Suite subject to database exposure, session hijacking
Vulnerabilities were identified that could 'compromise administrative sessions' [...]
« newer articles | page 40 | older articles »