Latest web hacking tools – Q2 2022
We take a look at the latest additions to security researchers’ armory [...]
Showing only posts in The Daily Swig. Show all posts.
Spring4Shell: Spring users face new, zero-day vulnerability
Both security bugs are now reportedly being exploited in the wild [...]
Critical SQL injection flaw fixed in Rapid7’s Nexpose vulnerability scanner
Attacks could be mounted via manipulation of query operators in search criteria [...]
US healthcare data breach impacts 85,000 law enforcement officers
Law Enforcement Health Benefits was hit by a ransomware attack last year [...]
Spring Cloud framework commits patch for code injection flaw
A fix appears to have been pushed but is not available in a stable release yet [...]
SQL injection protections in ImpressCMS could be bypassed to achieve RCE
Features designed to protect against SQL injection could be abused and turned against the host application [...]
‘Dangerous’ EU web authentication plan threatens to undercut browser-led certification system, detractors claim
Signatories to a letter criticizing EU scheme share their misgivings with The Daily Swig [...]
Network cavity blamed for data breach at Japanese candy maker Morinaga
More than 1.6m affected by suspected compromise that ‘locked up’ servers [...]
HTML parser bug triggers Chromium XSS security flaw
Websites thought to be XSS-protected could have been unintentionally exposed to XSS attacks in Chrome sessions [...]
Ukrainian ISP used by military disrupted by ‘powerful’ cyber-attack
Russia blamed after internet knocked offline for many across the country [...]
Attackers getting faster at latching onto unpatched vulnerabilities for stealth hacking campaigns – report
Enterprises need to be ready with ‘battle-tested incident response procedures’ as zero-day exploitation ramps up [...]
ENISA urges data-handling innovation amid growing tide of healthcare breaches
Infosec agency sets out use cases for clinical trials, data exchange, and connected devices [...]
FCC adds Kaspersky products to list of national security threats as Russian invasion of Ukraine continues
Russian antivirus vendor cited in expanded guidance [...]
Four Russian government employees charged over hacking campaigns on critical infrastructure
Historical crimes unsealed by US courts [...]
Washington residents’ medical data exposed by phishing attack on Spokane Regional Health District
Medications and test results among data potentially ‘previewed’ by attacker [...]
HTTP request smuggling bug patched in mitmproxy
Bug exploited inconsistencies between intermediary and backend servers [...]
Microweber developers resolve XSS vulnerability in CMS software
Content filtering shortcomings led to web security flaw [...]
FBI Most Wanted Russian national accused of running dark web marketplace
The 23-year-old has been indicted for operating a successful carding ring [...]
Flash loan attack on One Ring protocol nets crypto-thief $1.4 million
Price manipulation of LP tokens ejected OShare tokens from protocol [...]
Sophos fixes SQL injection vulnerability in UTM appliance
‘God box’ loses its religion [...]
US and Canada reinstate cybercrime forum to prevent Russian cyber-attacks
North American nations agree to share information on key security issues [...]
Okta investigates LAPSUS$ gang’s compromise claims
Attackers purportedly said ‘focus was only on Okta customers’ [...]
Scottish mental health charity disrupted by ‘sophisticated’ cyber-attack
Organization is ‘devastated’ over security incident [...]
‘Browser in a browser’: Phishing technique simulates pop-ups to exploit users
Trick negates ‘check the URL’ advice [...]
NPM maintainer targets Russian users with data-wiping ‘protestware’
GUI-rilla warfare [...]
« newer articles | page 18 | older articles »