Security Alerts & News
by Tymoteusz A. Góral

History
#2028 Serious Cloudflare bug exposed a potpourri of secret customer data
Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warned customers today that a recently fixed software bug exposed a range of sensitive information that could have included passwords, and cookies and tokens used to authenticate users.

A combination of factors made the bug particularly severe. First, the leakage may have been active since September 22, nearly five months before it was discovered, although the greatest period of impact was from February 13 and February 18. Second, some of the highly sensitive data that was leaked was cached by Google and other search engines. The result was that for the entire time the bug was active, hackers had the ability to access the data in real-time, by making Web requests to affected websites, and to access some of the leaked data later by crafting queries on search engines.
Read more
#2033 Google has demonstrated a successful practical attack against SHA1
#2032 State of cyber security 2017 (PDF)
#2031 UK police arrest suspect behind Mirai malware attacks on Deutsche Telekom
#2030 Released Android malware source code used to run a banking botnet
#2029 Eleven-year-old root flaw found and patched in the Linux kernel
#2028 Serious Cloudflare bug exposed a potpourri of secret customer data
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12