The largest, vendor-agnostic bug bounty program in the world has warned that poor vendor patching could expose organizations to extra risk. This could lead to them spending upwards of $400,000 per upgrade. Trend Micro’s Zero Day Initiative, (ZDI), was responsible for almost 64% of vulnerabilities that were disclosed in 2021. The organization warned however of […]

The new technique of data exfiltration uses an ultrasonic channel to leak sensitive information to nearby smartphones from air-gapped computer. “Gairoscope”, the adversarial model, is named after Dr. Mordechai Guri who is head of research and development (R&D), in the Cyber Security Research Center at the Ben Gurion University of the Negev. In a paper, Guri’s research […]

The US Department of Justice (DoJ), has announced that it will not prosecute hackers in good faith under the Computer Fraud and Abuse Act. Yesterday’s statement announced a historic policy shift that said white-hat hackers would not face prosecution for accessing computers to improve cybersecurity. Good-faith hacking is defined by the DoJ as “accessing a machine solely […]

According to security company Sophos, the BlackCat ransomware group deployed a new binary in order to aid its intrusion efforts. The company discovered that it is using Brute ratel, which includes remote access features for attackers. Numerous Sophos customers called the company to inquire about BlackCat ransomware infections. New analysis revealed that the group exploits unpatched VPNs and firewalls to access […]

In January 2022, the US Government Cyber Security Strategy was launched. This initiative aims to protect the government against cyber-attacks, strengthen the USA as a sovereign country, and establish its position in the cyber world as a democratic and technological powerhouse. The advisory board is open to applications from anyone interested. Applicants are asked to […]

During an internal penetration test, an unauthenticated arbitrary objects instantiation vulnerability was discovered in LDAP Account Manager. LAM is a PHP web app that allows you to manage entries, such as users, groups or DHCP settings, in LDAP directories. It is also one of the alternatives for FreeIPA. It is included in Debian repositories. However, a flaw […]

Researchers have warned that malicious actors could seize control of Grafana’s administrator account due to a vulnerability in the OAuth login function. This security flaw (codename CVE-2022-3107) could allow an attacker access to another user’s account via the open-source analytics platform. A team of researchers discovered the bug in the platform’s login function. This bug allows attackers to […]

Jenny Radcliffe, also known as “The People Hacker”, has been inducted into Infosecurity Europe’s hall of fame for 2022. Radcliffe will be inducted into the Hall of Fame at the keynote session during this year’s Infosecurity Europe 2023. This session will take place at ExCel London from June 21-23 2023. Eleanor Dallaway, editor of Infosecurity magazine, will host the […]

Today’s risk analysis shows that “smart” modern farm machinery is susceptible to malicious hackers. This leaves global supply chains at risk. The study, published in the journal Nature Machine Intelligence, warned that hackers could exploit flaws within agricultural hardware used for planting and harvesting crops. It also warned that hackers could exploit flaws in agricultural hardware such […]

Hacker scouts will be pleased to learn about new web targets The northern hemisphere is experiencing summer, but that hasn’t stopped the steady flow of new bug bounty programs hitting the market. Apple revealed vulnerabilities in its anti-spyware technology via the Security Bounty program during the teaser video for the new Lockdown mode. There are rewards up to $2,000,000 available. […]