Vulnerability in open source identity management system Free IPA could lead to XXE attacks
Attackers could ‘take full control of the infrastructure’, warn researchers [...]
Showing only posts in The Daily Swig. Show all posts.
Secure Open Source Rewards program launched to help protect critical upstream software
SOS.dev initiative will combat software supply chain attacks by encouraging researchers to suggest security improvements to key projects [...]
Swiss Post relaunches e-voting bug bounty program
Ethical hackers invited to stress test election infrastructure [...]
Developers still struggling with security issues during code reviews, study finds
The road to DevSecOps isn’t always the smoothest [...]
Legitimate hacking activities under UK law proposed by ‘expert consensus’
Contentious edge case activities are no excuse for further delaying of ‘much overdue’ reform, say campaigners [...]
Multiple cloud vendors impacted by PostgreSQL vulnerability that exposed enterprise databases
Flaws discovered in various PostgreSQL-as-a-Service offerings, including those from Microsoft and Google [...]
Germany to mandate minimum security standards for web browsers in government
Less celebrated browsers and deprecated applications like Internet Explorer will be browsers non-grata [...]
Healthcare provider Novant issues data breach warning after site tracking pixels sent patients’ information to Meta servers
Leaked data potentially included patients’ email addresses, phone numbers, and device IP addresses [...]
IT industry guilty of ‘lack of imagination’ in failure to anticipate cyber-attack evolution
‘We have a habit of reacting to threats after they occur, rather than preparing for them,’ journalist Kim Zetter tells Black Hat [...]
BHUSA: Make sure your security bug bounty program doesn’t create a data leak of its own
Researchers, organizations, and bug disclosure platforms can all make improvements to help protect user data [...]
GoTestWAF adds API attack testing via OpenAPI support
CI/CD support is next for WAF security tool [...]
Black Hat USA: Pen testing tool that aims to ‘keep the fun in hacking’ unveiled
Latest version of AttackForge ReportGen DevSecOps aid demonstrated during conference Arsenal track [...]
Browser-powered desync: New class of HTTP request smuggling attacks showcased at Black Hat USA
Renowned researcher James Kettle demonstrates his latest attack technique in Las Vegas [...]
ReNgine upgrade: New subscan feature, PDF reports, expanded toolbox showcased at Black Hat USA
Open source recon tool automates some of the more time-consuming pen testing tasks [...]
Black Hat USA: Deliberately vulnerable AWS, Azure cloud infrastructure is a pen tester’s playground
AWSGoat and AzureGoat tools showcased in Las Vegas this week [...]
Black Hat USA: Log4j de-obfuscator Ox4Shell ‘dramatically’ reduces analysis time
Open source utility exposes payloads without running vulnerable Java code [...]
Black Hat USA: Ex-CISA director Chris Krebs urges orgs to bolster infrastructure amid Taiwan tensions
Attack on Taiwan seemingly a case of ‘when’ not ‘if’ Chris Krebs, the former director of the US Cybersecurity and Infrastructure Security Agency (CISA), says the infosec industry is “bearish in the sh [...]
Black Hat USA: Former CISA director Chris Krebs warns clouds of cyberwar are circling Taiwan
Attack on Taiwan seemingly a case of ‘when’ not ‘if’ Chris Krebs, the former director of the US Cybersecurity and Infrastructure Security Agency (CISA), is “bearish in the short term, bullish in the l [...]
Cisco router flaw gives patient attackers full access to small business networks
Vulnerable path is reachable just once a day, but patches still need to be implemented as a matter of priority [...]
Microsoft Edge deepens defenses against malicious websites with enhanced security mode
Browser adds defense in depth to prevent abuse of unpatched vulnerabilities [...]
Simple IDOR vulnerability in Reddit allowed mischief-makers to perform mod actions
Bug fixed within 24 hours and $5,000 bug bounty awarded [...]
The best Black Hat and DEF CON talks of all time
Pwn stars [...]
XSS in Gmail’s AMP For Email earns researcher $5,000
Researcher bypasses email filter with inspired style tag trickery [...]
High-impact vulnerability in DrayTek routers leaves thousands of SMEs open to exploitation
Now-patched RCE bug impacts dozens of DrayTek Vigor router models [...]
Authentication bypass bug in Nextauth.js could allow email account takeover
Vulnerability has been patched in latest versions [...]
« newer articles | page 8 | older articles »