Friday 12 August 2022

Cisco Pwned by ‘Russian’ Gang — Data Leaked, Egg on Face - Security Boulevard

MFA FAIL: Cisco got hacked by a ransomware gang—a broker for the UNC2447 threat actor, linked to the Yanluowang crew (pictured). This was way back at the end of May, but Cisco’s only now talking about it.

Thursday 11 August 2022

We Must Kill ‘Dinosaur’ JavaScript | Microsoft Open Sources 3D Emoji - DevOps.com

The moral of the story: The Devil hath power to assume a pleasing shape

DevOps: Fix your dangerous redirects! Amex shows how - ReversingLabs

And Snap shows how not: Recent ‘LogoKit’ spear phishing campaigns have misused open redirect URLs in web apps from Snapchat and American Express. When alerted, Amex quickly fixed the hole, but Snap’s is still open after more than a year.

Tuesday 9 August 2022

Twilio Fails Simple Test — Leaks Private Data via Phishing - Security Boulevard

“Sophisticated” Sophistry: Twilio (NYSE:TWLO) customer data has leaked—after a simple phishing attack on employees. The firm isn’t saying how many end-users are affected, but it could run into the millions.

Monday 8 August 2022

Slack App Leaked Hashed User Passwords for 5 YEARS - Security Boulevard

‘One Way’ Hash — Yeah, Right: Since 2017, if you’ve invited anyone to a Slack workspace, your password has leaked—albeit in the form of a salted hash. People are asking how this could have happened, and how it remained undetected for so long—more than five years.