The Daily Swig

Researcher discovers Go typosquatting package that relays system information to Chinese tech firm

One of two packages deemed to warrant further investigation purported to be the GitHub ‘cli’ repository that is widely used for building CLI (command-line interface) Go projects.

Data analytics agency Polecat held to ransom after server exposed 30TB of records

An unsecured server belonging to Polecat, a data analytics company, exposed an estimated 30 terabytes of business records online, resulting in the firm being held to ransom.

H2C smuggling named top web hacking technique of 2020

A novel alternative to traditional HTTP request smuggling that spotlighted an obsolete, hitherto obscure protocol has been recognized as 2020’s top web hacking technique.

Nginx: Server misconfigurations found in the wild that expose websites to attacks

Security researchers at Detectify have discovered a series of middleware misconfigurations in Nginx config files from GitHub that could leave web applications vulnerable to attack.

Popular Node.js package vulnerable to command injection attacks

The maintainers of systeminformation, a Node.js package used for getting hardware, system, and OS information, have patched a bug that left applications vulnerable to command injection attacks.

Filipino Credit App Cashalo Hit by Data Breach Impacting Users’ Personally Identifiable Information

Cashalo, which offers cash loans and other financial services in the Philippines, confirmed that “illegal access” of a database has resulted in the leak of some personally identifiable information.

ServiceNow admin credentials among hundreds of passwords exposed in cloud security blunder

Over 600 enterprises, universities, and government agencies may have inadvertently exposed their login credentials – many with administrator privileges – due to a vulnerability in ServiceNow.

Security researchers warn of critical zero-day flaws in ‘age gap’ dating app Gaper

Critical zero-day vulnerabilities in Gaper, an ‘age gap’ dating app, could be exploited to compromise any user account and potentially extort users, security researchers claim.

Hoffman Construction shores up its defense systems after employee healthcare data breach

In a breach notification statement, Hoffman said that as soon as it discovered the problem it “disabled the affected systems, took steps to secure our network, and began an investigation”.

SQLite patches use-after-free bug that left apps open to code execution, denial-of-service exploits

The highest threat to systems running affected versions of SQLite, a C-language library that implements an SQL database engine, is to system availability, according to a Red Hat Bugzilla thread.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags