Last month two Italian security researchers revealed they had netted more than $46,000 in bug bounties after discovering a misconfiguration vulnerability in Akamai – despite receiving nothing from Akamai...
Fortinet is urging customers to patch a critical authentication bypass vulnerability that has already been exploited in the wild. Earlier this month, the networking vendor patched the bug, CVE-2022-40684,...
OpenID Connect (OIDC) identity service Dex has patched a critical vulnerability that would allow an attacker to fetch an ID token through an intercepted authorization code and...
Vulnerabilities in a third-party module within the firmware of NETGEAR routers and Orbi WiFi Systems could lead to arbitrary code execution on affected devices. The component...
Uber’s bug bounty reports are compromised by a social engineering attack on internal networks. Uber is investigating claims its systems have been compromised by an attacker....
New web targets for the discerning hacker. The otherwise typically low-key month of August also brings infosec’s most renowned conference: Black Hat USA, which this year brought...
WatchGuard has patched several vulnerabilities in two main firewall brands that have been rated between medium and critical severity. In combination, two of the flaws allowed...
Security chief counts new build system and greater intel sharing among positive legacies of watershed cyber-attack. From the infamous NotPetya campaign to the CCleaner backdoor, watershed infosec moments are not...
Malicious builds and wider infrastructural compromise were worst-case scenarios. Security researchers have identified multiple workflows in popular continuous integration and development (CI/CD) service GitHub Actions that...
Initiative adds another layer of protection for end-to-end identity verification platform. Digital identity verification company Onfido has launched a new bug bounty program, in partnership with European vulnerability...
Security release also includes precautionary patches for potential Log4j-like flaw in Logback library. Diversified technology and infrastructure software provider Open-Xchange has released fixes for several security...
‘Vast majority’ of users have updated systems thanks to vendor warnings. Vulnerabilities in FileWave’s mobile device management (MDM) platform could enable attackers to seize control of vulnerable instances...
The fax is dead. Long live the online fax? A new study suggests many healthcare professionals believe that flaws in today’s web security landscape are prompting...
Inadequate access control and CSRF protections spawn critical and high severity issues. Serious vulnerabilities in Cisco Nexus Dashboard give attackers a viable path to executing arbitrary...
Open source analytics platform fixes bug that could lead to authentication bypass, privilege escalation. Malicious actors could take over an administrator account in Grafana due to...
DID has been designed to give users and organizations greater security and privacy. Decentralized Identifiers (DID) is now an official web standard, according to a news release from...
New research shows how electromagnetic interference can be used to trigger arbitrary behavior on mobile touchscreens, although caveats apply. Some attacks on smartphones require physical access...
Authentication controls added to defend against account hijack threat. The English Premier League has introduced two-factor authentication (2FA) controls to its official Fantasy Premier League game (FPL), offering...
Mozilla’s message to MEPs appears to be gaining traction, says senior public policy manager at the non-profit. Mozilla has stepped up its efforts to dissuade EU...
Flaw in Amazon’s Kubernetes service has since been fixed. A vulnerability in AWS IAM Authenticator for Kubernetes could allow a malicious actor to impersonate other users...