Archive - August 2022

Three-day hackathon uncovers hundreds of bugs in Yahoo search engine tool Vespa (31 August 2022 at 15:30 UTC)
Command injection vulnerability in GitHub Pages nets bug hunter $4k (31 August 2022 at 14:15 UTC)
Log4Shell legacy? Patching times plummet for most critical vulnerabilities – report (30 August 2022 at 15:13 UTC)
Graph-based JavaScript bug scanner discovers more than 100 zero-day vulnerabilities in Node.js libraries (30 August 2022 at 11:13 UTC)
Critical command injection vulnerability discovered in Bitbucket Server and Data Center (26 August 2022 at 14:03 UTC)
LastPass flags security incident after attackers stole source code, technical information (26 August 2022 at 10:52 UTC)
Ethereum Foundation offers $1m bug bounty payouts with proof-of-stake migration multiplier (25 August 2022 at 13:07 UTC)
Stop, press: Fragmented vendor ecosystem leaves media industry increasingly vulnerable to software supply chain threats (24 August 2022 at 13:27 UTC)
Security researchers blast ‘ridiculous’ CrowdStrike bug disclosure practices (23 August 2022 at 13:57 UTC)
GitLab patches critical remote code execution bug (23 August 2022 at 11:01 UTC)
API security: Broken access controls, injection attacks plague the enterprise security landscape in 2022 (19 August 2022 at 12:16 UTC)
Vulnerability in open source identity management system Free IPA could lead to XXE attacks (18 August 2022 at 15:38 UTC)
Secure Open Source Rewards program launched to help protect critical upstream software (18 August 2022 at 12:09 UTC)
Swiss Post relaunches e-voting bug bounty program (17 August 2022 at 14:28 UTC)
Developers still struggling with security issues during code reviews, study finds (17 August 2022 at 10:46 UTC)
Legitimate hacking activities under UK law proposed by ‘expert consensus’ (16 August 2022 at 15:38 UTC)
Multiple cloud vendors impacted by PostgreSQL vulnerability that exposed enterprise databases (16 August 2022 at 12:40 UTC)
Germany to mandate minimum security standards for web browsers in government (15 August 2022 at 14:18 UTC)
Healthcare provider Novant issues data breach warning after site tracking pixels sent patients’ information to Meta servers (15 August 2022 at 12:31 UTC)
IT industry guilty of ‘lack of imagination’ in failure to anticipate cyber-attack evolution (12 August 2022 at 15:13 UTC)
BHUSA: Make sure your security bug bounty program doesn’t create a data leak of its own (12 August 2022 at 14:02 UTC)
GoTestWAF adds API attack testing via OpenAPI support (12 August 2022 at 12:29 UTC)
Black Hat USA: Pen testing tool that aims to ‘keep the fun in hacking’ unveiled (12 August 2022 at 09:58 UTC)
Browser-powered desync: New class of HTTP request smuggling attacks showcased at Black Hat USA (11 August 2022 at 16:21 UTC)
ReNgine upgrade: New subscan feature, PDF reports, expanded toolbox showcased at Black Hat USA (11 August 2022 at 15:35 UTC)
Black Hat USA: Deliberately vulnerable AWS, Azure cloud infrastructure is a pen tester’s playground (11 August 2022 at 13:10 UTC)
Black Hat USA: Log4j de-obfuscator Ox4Shell ‘dramatically’ reduces analysis time (11 August 2022 at 10:02 UTC)
Black Hat USA: Ex-CISA director Chris Krebs urges orgs to bolster infrastructure amid Taiwan tensions (10 August 2022 at 21:05 UTC)
Cisco router flaw gives patient attackers full access to small business networks (10 August 2022 at 12:52 UTC)
Microsoft Edge deepens defenses against malicious websites with enhanced security mode (09 August 2022 at 16:31 UTC)
Simple IDOR vulnerability in Reddit allowed mischief-makers to perform mod actions (09 August 2022 at 12:55 UTC)
The best Black Hat and DEF CON talks of all time (08 August 2022 at 13:38 UTC)
XSS in Gmail’s AMP For Email earns researcher $5,000 (05 August 2022 at 15:59 UTC)
High-impact vulnerability in DrayTek routers leaves thousands of SMEs open to exploitation (05 August 2022 at 14:15 UTC)
Authentication bypass bug in Nextauth.js could allow email account takeover (05 August 2022 at 12:25 UTC)
Chromium site isolation bypass allows wide range of attacks on browsers (04 August 2022 at 14:00 UTC)
ParseThru: HTTP parameter smuggling flaw uncovered in several Go applications (04 August 2022 at 10:55 UTC)
Swiss government announces upcoming launch of federal bug bounty program (03 August 2022 at 15:30 UTC)
Jenkins security: Unpatched XSS, CSRF bugs included in latest plugin advisory (03 August 2022 at 13:52 UTC)
Trio of XSS bugs in open source web apps could lead to complete system compromise (02 August 2022 at 15:19 UTC)
‘You get respect for owning what happened’ – SolarWinds’ CISO on the legacy and lessons of Sunburst (01 August 2022 at 15:36 UTC)
CompleteFTP path traversal flaw allowed attackers to delete server files (01 August 2022 at 13:14 UTC)