Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually

October 7, 2024 at 07:45AM Organizations face significant financial losses of up to $186 billion annually due to vulnerable APIs and bot abuse, posing escalating risks to global businesses. API adoption has dramatically expanded the attack surface, leading to a 40% increase in API-related security incidents. Meanwhile, bot attacks have surged by 88%, driven by …

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

July 29, 2024 at 10:50AM Recent security research by Salt Security’s Salt Labs revealed critical API security flaws in both Hotjar and Business Insider, exposing millions of users to potential account takeover. The flaws involve manipulating the OAuth standard with cross-site scripting, potentially enabling attackers to access sensitive data. The researchers warn that similar vulnerabilities …

Docker fixes critical 5-year old authentication bypass flaw

July 24, 2024 at 03:05PM Docker has issued security updates to address a critical vulnerability in certain versions of Docker Engine, which could allow attackers to bypass authorization plugins under specific conditions. The flaw, identified as CVE-2024-41110, affects several versions of Docker Engine, and patched versions up to v27.1.0 are advised for impacted users. Additionally, …

Hackers abused API to verify millions of Authy MFA phone numbers

July 3, 2024 at 12:48PM An unsecured Twilio API endpoint allowed threat actors to access millions of Authy users’ phone numbers, potentially making them vulnerable to smishing and SIM swapping attacks. ShinyHunters leaked a CSV file with 33 million phone numbers. Twilio has secured the API and urged users to update their Authy apps for …

Cox Biz Auth-Bypass Bug Exposes Millions of Devices to Takeover

June 4, 2024 at 10:14AM An API authorization-bypass flaw in Cox Communications’ infrastructure exposed millions of business customer devices to attacks. Independent bug researcher Sam Curry identified and reported the issue, leading to a prompt fix by the provider. Potential risks included unauthorized access to customer information, Wi-Fi passwords, and connected devices. The vulnerability highlighted …

Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking

June 4, 2024 at 06:24AM Cox Communications recently patched several vulnerabilities in their modems, preventing potential remote takeovers by hackers. Discovered in March by expert Sam Curry, the flaws allowed attackers to bypass authorization, gaining control of millions of modems and potentially accessing customer data. Cox promptly addressed the issue after being notified. Key Meeting …

Cox fixed an API auth bypass exposing millions of modems to attacks

June 3, 2024 at 05:12PM Cox Communications fixed an authorization bypass vulnerability discovered by bug bounty hunter Sam Curry, preventing remote attackers from resetting modem settings and stealing sensitive customer information. The largest private broadband company in the U.S., Cox provides services to nearly seven million homes and businesses across over 30 states. The company …

Students Spot Washing Machine App Flaw That Gives Out Free Cycles

May 20, 2024 at 03:32PM UCSC students Alexander Sherbrooke and Iakov Taranenko discovered a security flaw in CSC ServiceWorks washing machines, allowing for free unlimited laundry cycles. Despite reporting the bug to the company and posting about it on Slug Security, CSC has not responded or fixed the vulnerability. Taranenko highlighted the potential financial impact …

Dell API abused to steal 49 million customer records in data breach

May 10, 2024 at 03:33PM Dell recently suffered a data breach compromising 49 million customer records, including personal data and hardware details, which were subsequently offered for sale on the Breach hacking forum. A threat actor named Menelik admitted to exploiting a partner portal to access and scrape the information, claiming ease of registration and …

Delinea Secret Server customers should apply latest patches

April 15, 2024 at 10:07AM Delinea’s Secret Server customers are urged to upgrade installations immediately due to a critical vulnerability discovered by researcher Johnny Yu. The vulnerability allows attackers to gain admin-level access, putting account credentials at risk. Delinea fixed the vulnerability but did not credit Yu, leading to concerns about transparency. The incident also …