Archive - July 2022

GitHub Actions workflow flaws provided write access to projects including Logstash (29 July 2022 at 15:24 UTC)

XSS vulnerabilities in Google Cloud, Google Play could lead to account hijacks (29 July 2022 at 14:30 UTC)

Bug Bounty Radar // The latest bug bounty programs for August 2022 (29 July 2022 at 13:23 UTC)

GitHub enhances 2FA for NPM, improves security and manageability (28 July 2022 at 15:32 UTC)

Onfido bug bounty program launched to help shore up ID verification defenses (28 July 2022 at 13:19 UTC)

One in five data breaches due to software supply chain compromise, IBM report warns (27 July 2022 at 15:04 UTC)

Open-Xchange issues fixes for RCE, SSRF bugs in OX App Suite (27 July 2022 at 12:49 UTC)

FileWave MDM authentication bypass bugs expose managed devices to hijack risk (26 July 2022 at 15:17 UTC)

Critical security vulnerability in Grails could lead to remote code execution (26 July 2022 at 13:01 UTC)

Cloud fax company claims healthcare pros are ditching email for ‘more secure’ fax (26 July 2022 at 11:52 UTC)

Cisco patches dangerous bug trio in Nexus Dashboard (25 July 2022 at 14:10 UTC)

Adversarial attacks can cause DNS amplification, fool network defense systems, machine learning study finds (25 July 2022 at 11:33 UTC)

‘We’re still fighting last decade’s battle’ – Sonatype CTO Brian Fox on the struggle to secure the neglected software supply chain (22 July 2022 at 15:40 UTC)

Zyxel firewall vulnerabilities left business networks open to abuse (22 July 2022 at 13:40 UTC)

Grafana patches vulnerability that could lead to admin account takeover (22 July 2022 at 12:49 UTC)

Atlassian patches batch of critical vulnerabilities across multiple products (21 July 2022 at 15:17 UTC)

WordPress plugin security audit unearths dozens of vulnerabilities impacting 60,000 websites (21 July 2022 at 13:33 UTC)

Zero-day flaws in GPS tracker pose surveillance, fuel cut-off risks to vehicles (20 July 2022 at 16:18 UTC)

W3C launches Decentralized Identifiers as a web standard (20 July 2022 at 12:53 UTC)

‘Password extraction risk’ in identity provider Okta disputed (19 July 2022 at 15:00 UTC)

Tor Browser 11.5 release enables users to automatically circumvent censorship (19 July 2022 at 13:10 UTC)

LDAP Account Manager bug poses unauthenticated remote code execution risk (19 July 2022 at 10:52 UTC)

‘Endemic’ Log4j bug set to persist in the wild for at least a decade, US government warns (18 July 2022 at 14:29 UTC)

Prototype pollution in Blitz.js leads to remote code execution (18 July 2022 at 12:43 UTC)

More than 4,000 individuals’ medical data left exposed for 16 years (15 July 2022 at 15:28 UTC)

Fantasy Premier League football app introduces 2FA to tackle account takeover hacks (15 July 2022 at 14:10 UTC)

Crunch time for EU web authentication plan as Mozilla launches campaign to protect status quo (15 July 2022 at 13:22 UTC)

Microsoft Teams security vulnerability left users open to XSS via flawed stickers feature (14 July 2022 at 12:56 UTC)

Vulnerability in AWS IAM Authenticator for Kubernetes could allow user impersonation, privilege escalation attacks (13 July 2022 at 14:29 UTC)

Vivaldi browser founder Jon von Tetzchner puts privacy at the center of development (13 July 2022 at 12:31 UTC)

Take threats against machine learning systems seriously, security firm warns (12 July 2022 at 13:01 UTC)

UK NCSC and ICO urge legal sector to discourage businesses from paying ransomware demands (12 July 2022 at 10:07 UTC)

PyPI repo to distribute 4,000 security keys to maintainers of ‘critical projects’ in 2FA drive (11 July 2022 at 15:56 UTC)

Post-quantum cryptography hits standardization milestone (11 July 2022 at 15:02 UTC)

‘Dirty dancing’ in OAuth: Researcher discloses how cyber-attacks can lead to account hijacking (11 July 2022 at 12:33 UTC)

AstraLocker ransomware decryptors released by Emsisoft (08 July 2022 at 15:40 UTC)

Decentralized Identifiers: Everything you need to know about the next-gen web ID tech (08 July 2022 at 14:14 UTC)

Node.js fixes multiple bugs that could lead to RCE, HTTP request smuggling (08 July 2022 at 13:21 UTC)

Lockdown Mode: Apple offers $2m bug bounty for vulnerabilities in new anti-spyware tech (07 July 2022 at 15:30 UTC)

SMEs slow to adopt MFA – study (07 July 2022 at 14:10 UTC)

Fortinet patch batch remedies multiple path traversal vulnerabilities (07 July 2022 at 12:47 UTC)

Atlassian patches full-read SSRF in Jira (06 July 2022 at 15:21 UTC)

High severity OpenSSL bug could lead to remote code execution (06 July 2022 at 13:14 UTC)

Spring Data MongoDB hit by another critical SpEL injection flaw (05 July 2022 at 15:50 UTC)

CWE Top 25: These are the most dangerous software weaknesses of 2022 (05 July 2022 at 14:40 UTC)

HackerOne employee stole data from bug bounty reports for financial gain (05 July 2022 at 13:23 UTC)

‘Does anybody like CAPTCHAs?’ – Cloudflare CTO John Graham-Cumming envisages a frictionless future for website Turing tests (04 July 2022 at 15:20 UTC)

Australia’s Monash University launches public bug bounty program (04 July 2022 at 14:28 UTC)

US eye clinic suffers data breach impacting 92,000 patients (04 July 2022 at 12:59 UTC)

Gitlab patches critical RCE bug in latest security release (01 July 2022 at 13:26 UTC)

Cyber Europe 2022: EU completes large-scale cyber war game exercise (01 July 2022 at 13:10 UTC)

Latest web hacking tools – Q3 2022 (01 July 2022 at 10:43 UTC)