News

  • Gitpod flaw shows cloud-based development environments need security assessments

    Researchers from cloud security firm Snyk recently discovered a vulnerability that would have allowed attackers to perform full account takeover and remote code execution (RCE) in Gitpod, a popular cloud development environment (CDE). Cloud-based development environments are popular because they’re easier to deploy and maintain than local ones and promise better security. However, organizations…

  • API Security Flaw Found in Booking.com Allowed Full Account Takeover

    The vulnerabilities could affect users logging into the site via their Facebook accounts

  • Vice Society publishes data stolen during Vesuvius ransomware attack

    A notorious ransomware gang has claimed responsibility for a cyber attack against Vesuvius, the London Stock Exchange-listed molten metal flow engineering company.

  • Software liability reform is liable to push us off a cliff

    Like “SBOMs will solve everything,” there is a regular cry to reform software liability, specifically in the case of products with insecurities and vulnerabilities. US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly’s comments this week brought the topic back into focus, but it’s still a thorny issue. (There’s a reason certain…

  • White House Launches National Cybersecurity Strategy

    The Strategy provides guidelines on how companies allocate roles and responsibilities in cyber space

  • Trezor crypto wallets under attack in SMS phishing campaign

    Willie Sutton, the criminal who became legendary for stealing from banks during a forty-year career, was once asked, “Why do you keep robbing banks?” His answer? “Because that’s where the money is.” However, today there’s a better target for robbers than banks, which are typically well-defended against theft… Cryptocurrency wallets.

  • WH Smith investigates hacking attack after employee data stolen

    British high street giant WH Smith has revealed that it has suffered a “cybersecurity incident,” which has seen hackers gain unauthorised access to its systems, and steal data including information related to current and former employees.

  • Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

    Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to customer accounts by simply tricking them into clicking a link. The attack combined three separate issues that on their own could be categorized as…

  • Indigo Books & Music refuses to pay ransom after hackers stole employee information

    Following what it called a “cybersecurity incident” three weeks ago, Canadian bookstore chain Indigo has not only confirmed that it was hit by a ransomware attack, but also that data related to current and former employees was stolen by hackers. Read more in my article on the Hot for Security blog.

  • WH Smith Discloses Cyber-Attack, Company Data Theft

    Employee data was accessed by the threat actors, including names, addresses, and more

News, Advisories and much more
