In a new 8-K report submitted to the SEC, T-Mobile acknowledged a bad actor accessed 37 million T-Mobile customer records via an API flaw without authorization checks.
T-Mobile reports bad actor accessed 37M customer records Read More »
Researchers have discovered Mount Locker ransomware now targets Windows Active Directory APIs to worm or spread its way through networks.
Mount Locker ransomware targets Windows APIs to spread through networks Read More »
VMware issued a security advisory for two vulnerabilities (CVE-2021-21975 and CVE-2021-21983) that impact vRealize Operations products.
VMware patches vRealize Operations vulnerabilities (CVE-2021-21975 and CVE-2021-21983) Read More »
SolarWinds has released an updated security advisory on SUPERNOVA malware, a separate threat vector from the previously reported supply chain cyberattack that was based on SUNBURST backdoor malware. The update now includes new information on 0-day CVE-2020-10148 and PoC demo.
SolarWinds releases updated advisory on SUPERNOVA malware (updated with CVE-2020-10148) Read More »
Microsoft has introduced a new source code analyzer tool dubbed Microsoft Application Inspector. The tool is designed to “identify interesting features in source code” and can help enable developers understand software components your apps use.
Microsoft introduces Application Inspector Read More »
The Open Web Application Security Project (OWASP) has released its OWASP API Security Top 10 2019. This is the first version of the API Top 10. OWASP will likely update the guidelines every three to fours years, similar to the other OWASP Top 10 series.
OWASP API Security Top 10 2019 Read More »
Cisco has patched a critical vulnerability in the REST API of Cisco’s Elastic Services Controller that could lead to an attacker bypassing authentication on the REST API.
Critical bug patched in Cisco Elastic Services Controller REST API Read More »
Security researchers from Imperva have found thousands of Docker hosts exposed to a new vulnerability and exposed remote Docker API. The new research describes the threat along with sample scripts and what can be done about it.
Crypto miners exploit vulnerable Docker hosts Read More »
Researchers at Trend Micro have recently spotted malicious activity abusing systems running misconfigured Docker containers.
Misconfigured Docker containers abused to deliver cryptocurrency mining malware Read More »
Google has patched a reCAPTCHA security vulnerability that allows an attacker to bypass a system.
reCAPTCHA bypass vulnerability patched Read More »
