Explainer: What does the UK’s Integrated Review mean for cybersecurity?
Stephen Pritchard sheds light on the government’s new defense strategy [...]
Showing only posts by The Daily Swig. Show all posts.
Facebook awards $55k bug bounty for third-party vulnerabilities that could compromise its internal network
Two vulnerabilities could be chained to lead to server-side request forgery [...]
Space jam: Researchers and satellite start-ups meet to discuss celestial cybersecurity
Space industry can no longer rely on ‘security through obscurity’, Cysat ’21 delegates hear [...]
MangaDex website taken offline following cyber-attack, data breach
Owners of manga fan site are rebuilding the codebase following series of security incidents [...]
GitHub awards bug bounty hunter $25,000 for Actions secrets theft report
The vulnerability was found in GitHub’s pull request mechanism [...]
GE patches serious vulnerabilities in UR power management devices
Universal Relay devices are used to simplify power management in critical infrastructure assets [...]
GitHub releases post-mortem on race condition vulnerability that forced global user sign-out
Issue resulted in some users gaining access to other users’ sessions [...]
Chained vulnerabilities used to take control of MyBB forums
Esoteric hacking risk addressed through recent update [...]
Google awards Uruguayan researcher $133,337 top prize in cloud security competition
Six winning write-ups ranged from identity management issues and privilege escalation to ‘full blown RCE’ [...]
Cypriot hacker who extorted website owners by threatening to leak stolen data is jailed
US sentence and a heavy fine for criminal hacker who targeted multiple organizations [...]
Penetration testing of enterprise systems more prevalent than ever due to remote working during Covid-19 pandemic
Cybersecurity staff are being asked to conduct more pen tests – but this still might not be enough [...]
Microsoft blames crypto key rotation snafu for 365 outage
Teams, Exchange Online, and other services were knocked offline for more than 14 hours [...]
Mimecast confirms hackers behind SolarWinds supply chain attack accessed limited amount of customer information
Third-party report finds ‘no evidence’ that security firm’s source code was modified [...]
Spectre attacks against websites still a serious threat, Google warns
Browser-maker urges web developers to take action against vulnerability that continues to haunt the industry [...]
UK defense and foreign policy review places ‘cyber’ front and center
Prime Minister says the new National Cyber Force will have its headquarters in the north of England [...]
DuckDuckGo browser extension vulnerability leaves Edge users open to potential cyber-snooping
XSS security flaw has already been patched in Google Chrome and Mozilla Firefox [...]
Fastway data breach: Security incident at Irish courier impacts more than 440,000 parcel recipients
Cyber-attack compromises delivery data [...]
The age of Covid-19: Lockdowns and cybersecurity, 12 months on
Infosec ‘slow-pocalypse’ sees surge in ransomware and online fraud [...]
Pwning the pen tester: Malicious Wireshark packet capture file risk revealed
CVE assigned due to potential for harm even though some social engineering trickery is required [...]
LocalStack zero-day vulnerabilities chained to achieve remote takeover of local instances
Project maintainers reportedly declined to fix flaws due to limited attack scenarios [...]
Shorteners – new tool allows researchers, orgs to search for exposed shortened URLs
Users can search or browse any links that have been shortened from a specific domain [...]
US Congresswoman proposes national data privacy law
Bill would enact a unified federal law governing the use of citizens’ personal information [...]
Regexploit tool unveiled with a raft of ReDoS bugs already on its resume
Optional whitespaces were ‘a recurring source of vulnerabilities’ in regex implementations [...]
Linux community project aims to tackle dependency confusion attacks with easy code signing, verification
Sigstore: a Let’s Encrypt for software integrity [...]
Tsao vs. Captiva – How a US data breach court case could have major impact on the legal definition of ‘harm’
Successful data breach class action litigation may soon depend on the location where the lawsuit is filed [...]
« newer articles | page 50 | older articles »