Dependency confusion tops the PortSwigger annual web hacking list for 2021
Request smuggling attacks a key theme [...]
Showing only posts in The Daily Swig. Show all posts.
Couple charged with laundering proceeds from $4.5bn Bitfinex cryptocurrency hack
US investigators recover $3.6bn in digital assets [...]
Cyber-attack at Vodafone Portugal knocks mobile network services offline
No customer data was accessed, company claims [...]
FTC set to ramp up privacy and security rule-making activity in 2022
Recent moves from the US government agency have laid the groundwork for significant changes to businesses’ compliance obligations, writes US attorney David Oberly [...]
Zero-day vulnerabilities in Nooie baby monitors could allow video feed hijack
Unresolved vulnerabilities also create code execution risk, warns Bitdefender [...]
UK anti-encryption drive meets fierce resistance from privacy, security advocates
Privacy campaigners sign open letter urging government to reconsider E2EE stance [...]
Equifax finalizes data breach settlement with US regulators
Settlement includes up to $425 million to help people affected by 2017 mega breach [...]
Email platform Zimbra issues hotfix for XSS vulnerability under active exploitation
Attackers have targeted mailboxes ‘in multiple waves across two attack phases’ [...]
Suspected data breach at Washington State Department of Licensing
Agency pulls POLARIS platform offline as investigation continues [...]
Google Drive integration errors created SSRF flaws in multiple applications
Bug hunter earned $17k bounty for HelloSign bug [...]
Vulnerabilities in Cisco Small Business routers could allow unauthenticated attackers persistent access to internal networks
Critical security bugs inherited by multiple products [...]
Open Source Security Foundation launches new initiative to stem the tide of software supply chain attacks
Alpha-Omega Project aims to improve software supply chain security for 10,000 OSS projects [...]
Bittersweet Symfony: Devs accidentally turn off CSRF protection in PHP framework
Inadvertent defense downgrade quickly reverted [...]
Cloudflare bug bounty program goes public with $3,000 rewards on offer
Silicon Valley firm has paid out more than $200,000 since private program’s 2018 launch [...]
SnapFuzz: New fuzzing tool speeds up testing of network applications
Though still in its early stages, SnapFuzz is already showing some promising results [...]
Serious vulnerability in WordPress plugin Essential Addons for Elementor eliminated
WordPress plugin problem patched [...]
Fastly patches memory leak HTTP/3 vulnerability in H2O HTTP server project
‘Cloudbleed’-like bug affected cloud computing service from Fastly, a H2O contributor [...]
British Council data breach leaks 10,000 student records
Researchers say 144,000 files were exposed [...]
Critical Samba flaw presents code execution threat
Urgent patching of file-sharing technology urged [...]
SureMDM bug chain enabled wholesale compromise of managed devices
Series of flaws in MDM platform addressed in web console and Linux agent [...]
Decryption key released for DeadBolt ransomware after QNAP NAS devices infected
Tool enables decryption key to work after forced firmware update rendered it useless [...]
Bug Bounty Radar // The latest bug bounty programs for February 2022
New web targets for the discerning hacker [...]
No smoke without fire? ‘Critical’ Loguru security flaw turns out to be non-issue
Invalid CVE saga highlights potential problems in the automated vulnerability alert process [...]
Vulnerability in PostBus public transport platform exposed customer data
The online portal is used to track fare dodging on Swiss public transport [...]
US government’s ‘zero trust’ roadmap calls time on perimeter-based paradigm
Federal agencies have a little over two years to fundamentally remodel cyber defenses [...]
« newer articles | page 22 | older articles »