Severe Parse Server bug impacts Apple Game Center
Fake certificates could be used to bypass authentication controls [...]
Showing only posts in The Daily Swig. Show all posts.
Single largest disclosure for vulnerabilities in industrial control security reveals 56 flaws
Scores of security issues in industrial control systems unveiled [...]
Jacuzzi customer details could be exposed by SmartTub web bugs, claims researcher
Iconic hot tub manufacturer addresses flaws that also apparently exposed numerous backend services [...]
Critical Citrix ADM vulnerability creates means to reset admin passwords
Improper access control flaw poses DoS-to-RCE hijack risk [...]
Internet scans find 1.6 million secrets leaked by websites
Probe surfaces ‘alarmingly huge’ number of unredacted tokens and keys [...]
Attackers can use ‘Scroll to Text Fragment’ web browser feature to steal data – research
In some scenarios, CSS style specifications can be manipulated to cause browsers to send data to an attacker-controlled server [...]
Russian botnet ‘RSOCKS’ dismantled after hacking millions of devices
Sock it to ‘em [...]
Reddit patches CSRF vulnerability that forced users to view NSFW content
Mischievous hackers exploiting flaw could subvert ‘not safe for work’ restrictions [...]
RubyGems trials 2FA-by-default in code repo’s latest security effort
Move intended to help prevent Ruby packages from being used in supply chain attacks [...]
Ransomware attack on Montrose Environmental Group disrupts lab testing services
Some lab results will be delayed, company warns [...]
Business email platform Zimbra patches memcached injection flaw that imperils user credentials
Attackers could also potentially gain access to various internal services, researcher warns [...]
Dark web awash with breached credentials, study finds
Many consumers still relying on easy-to-crack passwords, warns Digital Shadows [...]
Security researcher receives legal threat over patched Powertek data center vulnerabilities
Vendor threatened legal action following disclosure and fixes being issued, bug hunter claims [...]
Data breach at US ambulance billing service Comstar exposed patients’ healthcare information
Medical payments company admits network intrusion [...]
HID Mercury access control vulnerabilities leave door open to lock manipulation
Manufacturer addresses threat to integrity and availability of physical access systems sold by LenelS2 [...]
Oblivious DNS-over-HTTPS offers privacy enhancements to secure lookup protocol
ODoH is said to enhance user privacy without compromising performance [...]
GhostTouch: Hackers can reach your phone’s touchscreen without even touching it
New research shows how electromagnetic interference can be used to trigger arbitrary behavior on mobile touchscreens, although caveats apply [...]
Kaiser Permanente data breach exposed healthcare records of 70,000 patients
Health plan provider plays down ID theft fears after breach at Washington state division [...]
Cybercriminals use reverse tunneling and URL shorteners to launch ‘virtually undetectable’ phishing campaigns
New hacking technique allows threat actors to evade some of the most effective phishing countermeasures [...]
French government launches private bug bounty program for identity authentication app
Cryptographic skillset favored during hacker selection process [...]
US Justice Department offers blueprint for more ‘innovative, secure IT capabilities’
‘Zero trust’ architecture and secure supply chains to the fore in new strategy [...]
Separate Fujitsu cloud storage vulnerabilities could enable attackers to destroy virtual backups
Sysadmins should update their installations immediately [...]
Chinese cyber threat actors are widely abusing well-known attacks to infiltrate networks, CISA warns
APTs hammering unpatched vulnerabilities [...]
Formidable developer fights back against ‘critical’ CVE vulnerability assignment
‘This false accusation messed up the release of one of our services,’ maintainer laments [...]
Researcher defends Formidable in fight against ‘critical’ CVE vulnerability assignment
‘This false accusation messed up the release of one of our services,’ security pro laments [...]
« newer articles | page 12 | older articles »