ThePhish: ‘the most complete’ non-commercial phishing email analysis tool
Developer says tool is more precise and queries a wider range of utilities than other free and open source rivals [...]
Showing only posts by The Daily Swig. Show all posts.
Chrome to bolster CSRF protections with CORS preflight checks on private network requests
Phased rollout begins from Chrome 98 with DevTools warnings of failed preflight requests [...]
Researchers discover ‘extremely easy’ 2FA bypass in Box cloud management software
Breaking the Box [...]
SSRF vulnerability in VMWare authentication software could allow access to user data
Post-authentication bug could enable an attacker to infiltrate a user account [...]
VPNLab takedown: Authorities dismantle secure communication tool favored by cybercriminals
VPN service was being used to support ‘serious criminal acts’, Europol says [...]
Celebrations over REvil ransomware arrests in Russia may be premature
‘It’s not clear whether the developers or lower-level criminals were arrested’, threat intel experts tell The Daily Swig [...]
Same-origin violation vulnerability in Safari 15 could leak a user’s website history and identity
Fix is apparently incoming [...]
White House tackles ‘unique security challenges’ faced by open source ecosystem during dedicated virtual summit
Silicon Valley giants joined government officials to thrash out remedies to software supply chain woes [...]
Introducing vAPI – an open source lab environment to learn about API security
Platform aims to educate security professionals on the challenges of securing modern web APIs [...]
Researcher discloses alleged zero-day vulnerabilities in NUUO NVRmini2 recording device
Exploit code has also been released for flaws that supposedly date back to 2016 [...]
Apache Software Foundation warns its patching efforts are being undercut by use of end-of-life software
Non-profit shares metrics in its latest annual security review of 350-plus projects [...]
GitLab shifts left to patch high-impact vulnerabilities
HackerOne bug bounty reports triaged [...]
Generation cyber: How diversity and ageism can impact the IT workforce
Report claims generational attitudes can help or hinder the industry [...]
Bug Alert launched to provide early warning system for super-critical vulnerabilities
Open source project will draw on community input to rapidly close down zero-days [...]
Cybersecurity conferences 2022: A rundown of online, in person, and ‘hybrid’ events
With many events choosing to retain virtual elements forced on them by the pandemic, there’s now an abundance of online content to choose from [...]
Patch Tuesday: Web security issues in the spotlight in Microsoft’s bumper January update
‘Wormable’ flaw in HTTP Protocol Stack causes concern [...]
Firefox fixes fullscreen notification bypass bug that could have led to convincing phishing campaigns
Flurry of issues patched in web browser’s latest advisory [...]
Moodle e-learning platform patches session hijack bug that led to pre-auth RCE
Researchers disclose second critical flaw in authentication plugin [...]
Growing cyber threats listed among greatest global risks in annual World Economic Forum report
Resilience, resilience, resilience [...]
VMware Horizon under attack as China-based ransomware group targets Log4j vulnerability
Microsoft says cybercrime group is attempting to deploy NightSky ransomware [...]
Multiple Node.js vulnerabilities fixed in flurry of new releases
Three medium-impact and one low severity bug have been patched [...]
IP spoofing bug leaves Django REST applications open to DDoS, password-cracking attacks
Security researcher discovers how to send unlimited HTTP requests with the same client [...]
Report: DDoS attacks increasing year on year as cybercriminals demand extortionate payouts
Crooks attempt to cash in by upping the ante [...]
City of Grass Valley, California, suffers data breach – employee and citizen information exposed
Social Security numbers and medical information has been accessed, city confirms [...]
The blame game: EU criticized for ‘fragmented and slow’ approach to cyber-attack attribution
Cyber sanctions can send a powerful message – why aren’t they being used more widely? [...]
« newer articles | page 24 | older articles »