Cockpit CMS flaws exposed web servers to NoSQL injection exploits
Vulnerabilities could be leveraged for full RCE on Cockpit instances using MongoLite [...]
Showing only posts by The Daily Swig. Show all posts.
Software developer charged with sabotaging employer’s systems through denial-of-service attack
Crash of production server leads to FBI case, despite modest losses [...]
When vulnerability disclosure goes sour: New GitHub repo details legal threats and risks faced by ethical hackers
Public timeline of incidents aims to further conversation surrounding security research and vulnerability disclosure [...]
Behind the Great Firewall: Chinese cyber-espionage adapts to post-Covid world with stealthier attacks
Beijing adopting supply chain tactics and greater sharing of resources between spying groups, experts warn [...]
Cisco router flaws left small business networks open to abuse
Complexity to exploit authentication bypass bug ‘very low’ [...]
Feds zap Exchange Server backdoors as Microsoft offers patches for further flaws
Trouble comes in twos [...]
Inference attacks: How much information can machine learning models leak?
Academics warn that user privacy may fall at the hands of little-known attack vector [...]
Pressure grows on Valve to unplug Steam gaming platform vulnerabilities
Two-year-old RCE flaws still unpatched, bounty hunters claim [...]
Capcom ransomware attack: Hackers gained access via vulnerable VPN, report finds
Japanese gaming company fell victim to cyber-attack in November 2020 [...]
Surge in malware and cyber-attacks set to continue, Europol warns in SOCTA 2021 report
Cybercrime incidents are still ‘significantly under-reported’ by victims [...]
Indian stock trading site Upstox resets passwords in response to data breach fears
Company calls in experts and tightens security amid reports of data warehouse leak [...]
Covid-19 pandemic: How bug bounty programs helped secure some of the world’s leading track and trace apps
Crowdsourced security was a key tool in securing some countries’ efforts, while others missed the mark [...]
Pwn2Own 2021: Zero-click Zoom exploit among winners as payout record smashed
$1m payout barrier broken by attacks also targeting Microsoft Exchange, Windows 10 [...]
Critical GravCMS vulnerability offers lessons for software developers
Vulnerability in content management system opened the door to unauthenticated exploitation [...]
Facebook ‘knew about phone number data leak vulnerability two years before issue was fixed’, claims security researcher
Social media giant says ‘scraping’ was cause of issue that affected 500 million users [...]
BleedingTooth: Google drops full details of zero-click Linux Bluetooth bug chain leading to RCE
Researcher says his findings ultimately led to a safer, more stable kernel [...]
Enter the Matrix: Secure communications network hits 30 million user milestone
We caught up with Matrix co-founders to find out how the project is developing and why the future of internet freedom may depend on decentralization [...]
Gigaset Android smartphones infected with malicious system update app
Vendor has confirmed the security fracas following what may have been a supply chain attack [...]
European privacy regulators lay down rules for Covid-status passports
Coronavirus travel pass plans must prioritize data privacy, says European Data Protection Board [...]
NSA workflow application Emissary vulnerable to malicious takeover
Users urged to update their systems after disclosure of serious vulnerabilities [...]
PHP maintainers release post-mortem report after backdoor planted in Git repo
More details released about the incident, though the attacker remains unidentified [...]
Booking.com fined $560,000 for GDPR data breach violation
Netherlands-based company failed to act quickly enough, says regulator [...]
Smart TV tech loophole allowed miscreants to view private YouTube videos
Security researcher earns $6,000 bug bounty for thinking outside of the box [...]
Apple macOS TextEdit parsing flaw leaked local files via dangling markup injection
Flaw allowed attacker to leak victim’s IP address and gain access to local files [...]
President Biden’s new executive order could oblige software vendors to tell Uncle Sam about security breaches
Prompt disclosure shake-up follows SolarWinds calamity [...]
« newer articles | page 48 | older articles »