Google Alert - site: portswigger.net/daily-swig/vulnerabilities

We’re going teetotal: It’s goodbye to The Daily Swig – PortSwigger

Read full post . . . or http://www.go-que.com/were-going-teetotal-its-goodbye-to-the-daily-swig-portswigger

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw394UibInzEFZLc7hhmoyQd

PortSwigger today announces that The Daily Swig is closing down. … Always on top of the latest web hacking vulnerabilities, Ben Dickson wrote …

Bug Bounty Radar // The latest bug bounty programs for March 2023 | The Daily Swig

Read full post . . . or http://www.go-que.com/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023-the-daily-swig

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw1v32dAAzLLtxmKwO3ssdw5

Security researcher Justin Steven wanted to write-up the technical details of a DOM-based cross-site scripting vulnerability in the Gartner Peer …

Chromium bug allowed SameSite cookie bypass on Android devices | The Daily Swig

Read full post . . . or http://www.go-que.com/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices-the-daily-swig

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw2qAnRKvV2do9pKmuXj9u9n

Protections against cross-site request forgery could be bypassed.

NIST plots biggest ever reform of Cybersecurity Framework | The Daily Swig – PortSwigger

Read full post . . . or http://www.go-que.com/nist-plots-biggest-ever-reform-of-cybersecurity-framework-the-daily-swig-portswigger

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw0ppU7Ot3zudxpqnW5o1ebj

ANALYSIS The US National Institute of Standards and Technology (NIST) is planning significant changes to its Cybersecurity Framework (CSF) - the first …

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw | The Daily Swig

Read full post . . . or http://www.go-que.com/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw-the-daily-swig

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3OcMA0X8spyAdKttDTZZfO

Patch released for bug that poses a critical risk to vulnerable technologies. A recently-patched flaw in the ClamAV anti-malware scanning library …

CVSS system criticized for failure to address real-world impact | The Daily Swig

Read full post . . . or http://www.go-que.com/cvss-system-criticized-for-failure-to-address-real-world-impact-the-daily-swig

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw0IgLcKzRtWwnhBg9JAiLak

JFrog argues vulnerability risk metrics need complete revamp. The CVSS vulnerability scoring system has been criticised for offering an …

‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a …

Read full post . . . or http://www.go-que.com/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3SmOIkmWpY9jp_yZlJF20P

In an interview with The Daily Swig, Ball explains how the growing use of web APIs requires a change of perspective on how we secure our …

HTTP request smuggling bug patched in HAProxy | The Daily Swig – PortSwigger

Read full post . . . or http://www.go-que.com/http-request-smuggling-bug-patched-in-haproxy-the-daily-swig-portswigger

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3IGkY5aKDEhmKGxleZKGiN

The vulnerability is not hard to exploit, but its impact depends on the target web server and how much it relies on HAProxy filters to secure its …

Read all about it: Introducing our new newsletter, Daily Swig Deserialized – PortSwigger

Read full post . . . or http://www.go-que.com/read-all-about-it-introducing-our-new-newsletter-daily-swig-deserialized-portswigger

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/read-all-about-it-introducing-our-new-newsletter-daily-swig-deserialized&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3116F5wOAvTiTH4WE3P-M1

We’re pleased to announce that Daily Swig Deserialized, a fortnightly roundup of the … and his favourite ever web vulnerability discovery.

Remote code execution flaw patched in Apache Kafka | The Daily Swig – PortSwigger

Read full post . . . or http://www.go-que.com/remote-code-execution-flaw-patched-in-apache-kafka-the-daily-swig-portswigger

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/remote-code-execution-flaw-patched-in-apache-kafka&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw1AzVFdpbiRFtLZw9-qEuV6

Apache has resolved a vulnerability potentially exploitable to launch remote code execution (RCE) attacks using Kafka Connect.
