Reddit’s Public Bug Bounty Program Kicks Off: Q&A with Reddit’s Allison Miller and Spencer Koch, and top program hacker @renekroka- Tempemail

After three years running a successful private bug bounty program on Tempemail, Reddit has announced that it’s taking their bug bounty program public. We sat down with Reddit’s CISO and VP of Trust Allison Miller, resident Security Wizard Spencer Koch, and Reddit’s top hacker Rene Kroka to learn more. Read on Continue Reading

Critical Auth Bypass Bug Found in VMware Data Center Security Product – Tempemail

A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior Continue Reading

Critical Cisco Jabber Bug Could Let Attackers Hack Remote Systems – Tempemail

Cisco on Wednesday released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS. Successful exploitation of the flaws could permit an “attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or Continue Reading

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online – Tempemail

Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of in the wild exploitation development comes on the heels of Continue Reading

New Zoom Screen-Sharing Bug Lets Other Users Access Restricted Apps – Tempemail

A newly discovered glitch in Zoom’s screen sharing feature can accidentally leak sensitive information to other attendees in a call, according to the latest findings. Tracked as CVE-2021-28133, the unpatched security vulnerability makes it possible to reveal contents of applications that are not shared, but only briefly, thereby making it Continue Reading

Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild – Tempemail

Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month. The browser maker on Friday shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to be rolling out over the coming days/weeks to all users. While Continue Reading

Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices – Tempemail

Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari browsers to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content. Tracked as CVE-2021-1844, the vulnerability was discovered and reported to the company by Clément Lecigne of Google’s Threat Analysis Continue Reading

Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories – Tempemail

Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple’s crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby by deanonymizing users. The findings are a consequence of an exhaustive Continue Reading

New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP! – Tempemail

Exactly a month after patching an actively exploited zero-day flaw in Chrome, Google today rolled out fixes for yet another zero-day vulnerability in the world’s most popular web browser that it says is being abused in the wild. Chrome 89.0.4389.72, released by the search giant for Windows, Mac, and Linux Continue Reading