Teen Becomes First to Earn $1M in Bug Bounties with HackerOne

He is also the all-time top-ranked hacker on HackerOne’s leaderboard, out of more than 330,000 hackers competing for the top spot.

Smart Ski Helmet Headphone Flaws Leak Personal, GPS Data

A rash of security flaws in the Outdoor Tech CHIPS smart headphones, which fit in ski helmets, allow bad actors to collect data like emails, passwords, GPS location – and even listen to conversations in real time.

IRS Launches ‘Dirty Dozen’ Campaign on Tax Scams

Original release date: March 04, 2019
The Internal Revenue Service (IRS) has launched its annual awareness campaign on the 12 most prevalent tax scams, known as the “Dirty Dozen.” As part of the campaign, IRS will highlight one scam each weekday. The first topic in the campaign focuses on internet phishing scams that lead to tax fraud and identity theft. IRS warns to be on alert for a continuing surge of fake emails, texts, websites, and social media attempts to …

Project Zero Discloses High-Severity Apple macOS Flaw

Google Project Zero researchers detailed a new high-severity macOS flaw after Apple failed to patch it by the 90-day disclosure deadline.

SB19-063: Vulnerability Summary for the Week of February 25, 2019

Original release date: March 04, 2019
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …

Visitor Kiosk Access Systems Riddled with Bugs

Student researchers working with IBM X-Force Red team find security holes in five leading visitor management systems.

Adobe Patches Critical ColdFusion Vulnerability With Active Exploit

Adobe has hurried out a patch for a critical arbitrary code execution vulnerability in its ColdFusion product.

Cisco Fixes Critical Flaw in Wireless VPN, Firewall Routers

Cisco said that CVE-2019-1663, which has a CVSS score of 9.8, allows unauthenticated, remote attackers to execute arbitrary code.

Thunderclap Flaws Shatter Peripheral Security

Many machines, including almost all Apple laptops and desktops produced since 2011, are vulnerable to data exfiltration via weaponized peripherals.

Cisco Patches High-Severity Webex Vulnerability For Third Time

Third time’s hopefully a charm for Cisco, which has patched a high-severity flaw once again in its Webex video conferencing platform.