Rust patches sneaky ReDoS bug
Regex defenses restored to thwart resource consumption trap [...]
Showing only posts in The Daily Swig. Show all posts.
Workaround offered for unpatched HTML-to-PDF rendering vulnerability
Security flaws exposed in popular dompdf PHP library [...]
Apple Safari empowers developers to mitigate web flaws with WebKit CSP enhancements
Apple praised for changes that ‘allow developers to build safe web applications’ [...]
Downdetector: How the popular site outage tracker is helping to improve web security
‘Minutes matter, and being able to get that additional feed can give infosec teams the edge’ [...]
‘Fox guarding the henhouse’ – Founder of cyber-fraud prevention company pleads guilty to defrauding investors
Adam Rogas has been charged with using fraudulent financial data to secure more than $100m in funding [...]
Unpatched plugins threaten millions of WordPress websites
Number of vulnerabilities found in WordPress plugins and themes jumped 150% between 2020 and 2021 [...]
HackerOne lifts ‘sanctions’ against Ukrainian hackers
Platform apologizes for ‘poor communication’ over bug bounty payouts [...]
OpenSSL drops update addressing ‘high severity’ denial of service issue in ubiquitous encryption library
The race is on for maintainers of downstream applications [...]
Node.js security: Parse Server remote code execution vulnerability resolved
GitHub has awarded the bug a severity score of 10 – the highest available [...]
Israeli government websites temporarily knocked offline by ‘massive’ cyber-attack
DDoS assault blamed on Iran, local media reports [...]
Prison service for England and Wales recorded more than 2,000 data breaches over 12 months
Ministry of Justice said information commissioner ‘satisfied’ with response to one particularly contentious breach [...]
Data breach at US heart disease treatment center impacts 287,000 individuals
South Denver Cardiology Associates admits hack [...]
‘Cybersecurity incident’ at Ubisoft disrupts operations, forces company-wide password reset
Lapsu$ threat actors have been linked to the cyber-attack [...]
Stats widget hacked in attempt to breach Russian government agency websites
The software was reportedly used as part of a short-lived software supply chain attack [...]
UK ferry operator Wightlink flags potential data breach after ‘highly sophisticated’ cyber-attack
Personal data potentially compromised, but English Channel crossings unaffected [...]
Microsoft praised for quickly resolving Azure Automation cloud security vulnerability
Automatic for the people [...]
RagnarLocker ransomware struck 52 critical infrastructure entities within two years – FBI
Agency issues mitigation advice to help organizations tighten network defenses [...]
1Password increases bug bounty reward to $1 million
Researchers offered record incentive for vulnerabilities found on Bugcrowd programs [...]
Middleboxes now being used for DDoS attacks in the wild, Akamai finds
Malicious actors are starting to add TCP middlebox reflection to their arsenal [...]
Exploit chain allows security researchers to compromise Pascom phone systems
Cloudy with a chance of exploits [...]
Exploit chain allows security researchers to pwn phone system
Cloudy with a chance of exploits [...]
Critical Axeda vulnerabilities pose takeover risk to hundreds of IoT devices
Serious supply chain threat posed to downstream medical devices in particular [...]
Government agencies in Ukraine targeted in cyber-attacks deploying MicroBackdoor malware
A number of state bodies have been attacked since Russia’s invasion began [...]
Electronics retailer Adafruit apologises after training data containing real customer info leaks onto GitHub
IoT hardware vendor promises to tighten up procedures [...]
Aspiring women in infosec need role models and collective strength, industry panel hears
Another panelist urged young security pros to consider starting out as generalists before specializing [...]
« newer articles | page 19 | older articles »