Cox fixed an API auth bypass exposing millions of modems to attacks
Cox Communications has fixed an authorization bypass vulnerability that enabled remote attackers to abuse exposed backend APIs to reset millions of modems’ settings and steal…
Author: Cybernoz
China Increasingly Targeting Canadians With Cyber Operations
China is increasingly targeting Canadian citizens and organizations through the scale and scope of its cyber operations, warned the Canadian Centre for Cyber Security (Cyber…
3 Bug Bounty Lessons From Retail & eCommerce Customers
How do security vulnerabilities uniquely impact the retail and eCommerce space, and how can retail and eCommerce organizations use ethical hackers to mitigate risk? We…
361 million stolen accounts leaked on Telegram added to HIBP
A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the…
CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog
CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini June 03, 2024 CISA adds Oracle WebLogic Server OS command injection…
Azure Service Tags tagged as security risk, Microsoft disagrees
Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tag that could allow attackers to access customers’ private data.…
Top 10 AI Embarrassments to Avoid
Unlike traditional security flaws, which typically result in data breaches or service disruptions, AI systems can also cause embarrassment through errors in judgment, biased decision-making,…
Exploit for critical Progress Telerik auth bypass released, patch now
Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers. The Telerik Report Server…
Hugging Face Discloses Unauthorized Access To Spaces Platform
Hackers penetrated artificial intelligence (AI) company Hugging Face’s platform to access its user secrets, the company revealed in a blog post. The Google and Amazon-funded…
Keeping Pace with an Evolving Security and Trust Landscape
By Dean Coclin, Senior Director, Digital Trust Specialist, DigiCert It’s clear that 2023 will be remembered as the point that artificial intelligence (AI) stepped out…
Popular WordPress Plugins Leave Millions Open to Backdoor Attacks
Fastly researchers discover unauthenticated stored XSS attacks plaguing WordPress Plugins including WP Meta SEO, and the popular WP Statistics and LiteSpeed! Learn how these attacks…
97 FTSE 100 firms exposed to supply chain breaches
Of the 100 organisations listed on the Financial Times Stock Exchange (FTSE) 100 list of Britain’s most highly capitalised firms, 97 were exposed to a…