Hacker selling Vodafone’s Ho Mobile database of 2.5M users
A threat actor has posted a thread on one of the dark web forums claiming to sell Ho Mobile's database...
Security
Joomla fixes ACL violation vulnerability after 2 years
The development team behind popular CMS Joomla which powers over 2.5 million sites has patched an access control violation vulnerability...
Google ‘Send Feedback’ bug could expose your sensitive data to attackers
This week, security researcher KL Sreeram has disclosed a vulnerability in Google Docs which could let hackers steal sensitive data...
Insecure QR codes on COVID-19 test results come with data exposure risks
As more and more governments around the world impose mandatory coronavirus testing for arriving international passengers during the ever-evolving pandemic...
Facebook fixes Instagram bug that leaked user’s private email address and birthday
This week a researcher walked away with a $13,125 bug bounty award for responsibly reporting a data leak to Facebook....
Source code used by Central Banks and Stock Exchanges leaked online
This week, the source code of CMA, a software provider relied on by leading central banks across nations and stock...
Steam gamers: your Windows PC is prone to privilege escalation attacks
Steam, a popular video game platform is vulnerable to privilege escalation attacks. On Windows PCs, Steam creates installation directories with...
Canadian government site canada.gc.ca SSL certificate expires, breaks links
If you head to https://canada.gc.ca right now, ideally it should redirect automatically to the newer canada.ca government domain. However, on...
DoS flaw lets attackers crash NodeJS apps via DNS lookups
This week, NodeJS project has released fixes for a DoS vulnerability, CVE-2020-8277, that could be triggered via DNS requests. An...
Drupal fixes critical Remote Code Execution vulnerability, patch now
Drupal, a popular CMS and blogging platform has patched a remote code execution vulnerability, CVE-2020-13671. Today, over half a million...