Current News
In a concerning turn of events, a vast number of CVs have been exposed due to a significant oversight in data protection measures. The breach occurred when a company inadvertently left one of its databases unsecured on the internet. This negligence has resulted in hundreds of thousands of personal a...
CISA has sounded the alarm over potential threats posed by Iranian brokers targeting critical infrastructure. This alert is crucial for organizations operating in key sectors, providing essential guidelines on safeguarding digital environments and identifying potential attacks in their early stages....
Recent findings have unveiled a concerning trend among IT decision-makers that could have significant repercussions for organizational security. The report highlights that a surprising number of IT leaders are opting to disable critical security controls, actions which could potentially expose their...
Brillen.de recently faced a significant data leak, revealing over 3.5 million customer records online. This breach exposed potentially sensitive information, including customers' names, addresses, emails, mobile numbers, gender, birth dates, and order details such as invoice amounts and dates.
Det
...The German Federal Ministry for Economic Affairs and Climate Action is taking significant steps to bolster the IT security of wind power installations and foster a more equitable competitive landscape in the wind energy industry across Germany and Europe. This initiative, embraced by the German Wind...
A shocking breach of security unfolded when a firm inadvertently hired a North Korean cyber criminal, leading to significant data compromise within just a few months.
Deceptive Employment
The individual managed to infiltrate the company under the guise of a legitimate employee, securing a positi...
In a digital age where online privacy is paramount, using a virtual private network (VPN) is a crucial step in protecting your information. A VPN acts like a secure tunnel for your data, shielding it from potential online threats, especially when you're using public networks. NordVPN is a popular ch...
In an era where digital threats are becoming more sophisticated and frequent, organizations are increasingly finding themselves at the mercy of ransomware attacks. These cyber-attacks are not only becoming more prevalent, but they are also resulting in a significant rise in ransom payments made by b...
The Cyber Resilience Act (CRA) has been embraced by the European Council, marking a significant advancement in the realm of software and connected product security. This groundbreaking piece of legislation applies cybersecurity mandates on manufacturers of software and connected products sold within...
Introducing the Global Vulnerability Policy Map
To help organizations navigate the complex landscape of Vulnerability Disclosure Policies (VDPs), HackerOne has introduced an innovative tool - the Global Vulnerability Policy Map. This interactive, map-based tracker empowers users to easily identify...
The cyber landscape is fraught with increasing threats, often intertwining political motives with cybercriminal activities. In an alarming development from December 2023, the hacker group known as Anonymous Sudan launched a relentless series of Distributed Denial of Service (DDoS) attacks against Op...
In a groundbreaking development in the realm of cybersecurity, a team of Chinese researchers has managed to decode RSA encryption using quantum computing technology. This advancement, leveraging D-Wave’s quantum annealing systems, signals a pivotal moment, potentially accelerating the timeline whe...
During a public hearing at the Parliamentary Control Committee of the Bundestag, heads of Germany's intelligence agencies expressed urgent warnings about the increasing digital threat landscape. Leaders from the Federal Intelligence Service (BND), the Federal Office for the Protection of the Constit...
As AI technologies continue to progress, they bring new threats and vulnerabilities. The importance of maintaining the security and ethical use of these advanced systems has never been more critical. In response to this need, the 0Din program emerges as a specialized GenAI bug bounty initiative to f...
Understanding Broken Access Control (BAC)
Broken Access Control (BAC) is a significant vulnerability type where unauthorized users gain access to sensitive features or data within an application. This flaw often arises when there are insufficient permission checks or when the application fails to...
Reinforcing Cybersecurity Across Europe
The European Union is advancing its cybersecurity efforts with the introduction of NIS2, a directive aimed at enhancing the resilience of critical sectors. This directive places new and updated obligations on entities to improve their cybersecurity risk mana...
Testing Methodologies
Enhancing the security of internal networks is crucial. To achieve this, HackerOne utilizes robust testing methodologies grounded in established frameworks such as PTES, OSSTMM, NIST SP 800-115, and CREST. These methodologies are tailored to analyze various assessment types,...
In the ever-evolving landscape of cybersecurity, vulnerabilities known as Insecure Direct Object References (IDOR) pose significant threats if left unaddressed. A recent in-depth exploration highlights that IDOR vulnerabilities account for 7% of reported vulnerabilities on the HackerOne platform, wi...
Dating app users of Feeld, a platform tailored for alternative relationship preferences, face potential privacy risks after cybersecurity specialists uncovered several vulnerabilities. These security gaps could allow unauthorized access to messages, intimate photos, and details of users' sexuality,...
The days of repeatedly changing your passwords are coming to a close, much to the relief of many. With the increasing number of online accounts in both professional and personal spheres, managing passwords has become a significant challenge. The traditional practice of regularly changing passwords i...