Microsoft trumps Google for 2021-22 bug bounty payouts
2022-08-12 18:00

Microsoft appears to have beaten Google on the bug bounty front, with $13.7 million in rewards spread across 335 researchers. The biggest prize awarded by Microsoft was $200,000 under the Hyper-V Bounty Program, and the average award was $12,000.

Twilio: 125 customers affected by data breach, no passwords stolen
2022-08-12 17:44

Cloud communications giant Twilio, the owner of the highly popular two-factor authentication provider Authy, says that it has so far identified 125 customers who had their data accessed during a security breach discovered last week. "We have identified approximately 125 Twilio customers whose data was accessed by malicious actors for a limited period of time, and we have notified all of them," Twilio revealed in an update to the original disclosure.

Palo Alto Networks: New PAN-OS DDoS flaw exploited in attacks
2022-08-12 15:40

Palo Alto Networks has issued a security advisory warning of an actively exploited high-severity vulnerability impacting PAN-OS, the operating system used by the company's networking hardware products. The issue, tracked as CVE-2022-0028, is a URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to carry out amplified TCP denial-of-service attacks.

Intel ups protection against physical chip attacks in Alder Lake
2022-08-12 15:00

Intel has disclosed how it may be able to protect systems against some physical threats by repurposing circuitry originally designed to counter the variations in voltage and timing that occur as silicon circuits age. According to Intel, adding the TRC (Tunable Replica Circuit) brings fault injection detection technology to the Converged Security and Management Engine, a part of the Platform Controller Hub chipset in Alder Lake.

Twitter Exposes Personal Information for 5.4 Million Accounts
2022-08-12 14:13

Twitter accidentally exposed the personal information, including phone numbers and email addresses, of 5.4 million accounts. In January 2022, we received a report through our bug bounty program of a vulnerability in Twitter's systems.

Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’
2022-08-12 13:24

Users of the Instagram and Facebook apps on Apple's iOS are being warned that both use an in-app browser that allows parent company Meta to track 'every single tap' users make on external websites accessed via the software. iOS users' concerns over tracking were addressed by Apple's 2021 release of iOS 14.5 and a feature called App Tracking Transparency.

Emergency services call-handling provider: Ransomware forced it to pull servers offline
2022-08-12 13:06

Advanced, the MSP forced to shut down some of its servers last week after identifying an "issue" with its infrastructure hosting products, has confirmed a ransomware attack and says recovery will take in the order of weeks. Some 36 customers from the UK's National Health Service use services provided by Advanced, including NHS 111, which provides round-the-clock support such as health information.

A Taxonomy of Access Control
2022-08-12 11:38

My personal definition of a brilliant idea is one that is immediately obvious once it’s explained, but no one has thought of it before. I can’t believe that no one has described this taxonomy of...

Xiaomi phones with MediaTek chips vulnerable to forged payments
2022-08-12 10:00

Security analysts have found security issues in the payment system present on Xiaomi smartphones that rely on MediaTek chips to provide the trusted execution environment responsible for signing transactions. Considering how common mobile payments and Xiaomi phones are, especially in Asian markets, the money pool attackers could tap into is estimated to be in the billions of U.S. dollars.

Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions
2022-08-12 08:48

Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifier CVE-2022-20866, has been described as a "logic error" when handling RSA keys on devices running Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software.