Google Alert - site: portswigger.net/daily-swig/vulnerabilities

Widespread Swagger-UI library vulnerability leads to DOM XSS attacks | The Daily Swig

Read full post . . . or http://www.go-que.com/widespread-swagger-ui-library-vulnerability-leads-to-dom-xss-attacks-the-daily-swig

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/widespread-swagger-ui-library-vulnerability-leads-to-dom-xss-attacks&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3X0EnY0uPxAg-94AH_EH9V

Dawid Moczadło, co-founder of Vidoc Security Lab, published a security advisory on May 16 documenting a DOM cross-site scripting (XSS) vulnerability …

Revisions to US Computer Fraud and Abuse Act will not prosecute ‘good-faith’ security research

Read full post . . . or http://www.go-que.com/revisions-to-us-computer-fraud-and-abuse-act-will-not-prosecute-good-faith-security-research

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/revisions-to-us-computer-fraud-and-abuse-act-will-not-prosecute-good-faith-security-research&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw0ZcwUcrJyr8QJvDBmCHRvY

“For example, discovering vulnerabilities in devices in order to extort … of the dating website or using a pseudonym on a social networking site …

Active attacks against VMware flaws prompts emergency update directive | The Daily Swig

Read full post . . . or http://www.go-que.com/active-attacks-against-vmware-flaws-prompts-emergency-update-directive-the-daily-swig

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/active-attacks-against-vmware-flaws-prompts-emergency-update-directive&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw1hTET2gx3ABGxA3WCWpbyF

CISA orders US federal agencies to implement patches ASAP. Active cyber-attacks against VMWare installs have prompted the US government to issue …

Encrypted email service CTemplar announces closure | The Daily Swig – PortSwigger

Read full post . . . or http://www.go-que.com/encrypted-email-service-ctemplar-announces-closure-the-daily-swig-portswigger

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/encrypted-email-service-ctemplar-announces-closure&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3CmzcYq0RYGPLFxYnDF-7_

The Icelandic vendor published a short blog post on its website informing users that it will close on May 26, 2022. No reason was given for the …

Facebook account takeover: Researcher scoops $40k bug bounty for chained exploit – PortSwigger

Read full post . . . or http://www.go-que.com/facebook-account-takeover-researcher-scoops-40k-bug-bounty-for-chained-exploit-portswigger

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/facebook-account-takeover-researcher-scoops-40k-bug-bounty-for-chained-exploit&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw0DQ0Ses5MR0rmvOGLc3_Yr

And, he tells The Daily Swig, the same technique could have been used any other … The Facebook exploit leveraged a series of vulnerabilities, …

Firefox debuts improved process isolation to reduce browser attack surface | The Daily Swig

Read full post . . . or http://www.go-que.com/firefox-debuts-improved-process-isolation-to-reduce-browser-attack-surface-the-daily-swig

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/firefox-debuts-improved-process-isolation-to-reduce-browser-attack-surface&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw2MxmGJk4cX6-zVZlArJIg4

Therefore, Mozilla Firefox undertook a serious redesign. This included a switch to WebRender for painting web page content, making Canvas 2D and WebGL …

UK government sits out bug bounty boom but welcomes vulnerability disclosure | The Daily Swig

Read full post . . . or http://www.go-que.com/uk-government-sits-out-bug-bounty-boom-but-welcomes-vulnerability-disclosure-the-daily-swig

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/uk-government-sits-out-bug-bounty-boom-but-welcomes-vulnerability-disclosure&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3Yy5F36AkVjD6Qr5-XzIRE

Budget constraints limit any immediate ambitions. Senior UK officials have played down the prospect of expanding the Ministry of Defence bug …

Ukrainian hacker jailed for selling account credentials on the dark web | The Daily Swig

Read full post . . . or http://www.go-que.com/ukrainian-hacker-jailed-for-selling-account-credentials-on-the-dark-web-the-daily-swig

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/ukrainian-hacker-jailed-for-selling-account-credentials-on-the-dark-web&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3rzqOXmra_wV1PytzsXXAb

Botnet operator had thousands of hacked credential listings, according to the DoJ.

Brace of Icinga web vulnerabilities ‘easily chained’ to hack IT monitoring software | The Daily Swig

Read full post . . . or http://www.go-que.com/brace-of-icinga-web-vulnerabilities-easily-chained-to-hack-it-monitoring-software-the-daily-swig

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/brace-of-icinga-web-vulnerabilities-easily-chained-to-hack-it-monitoring-software&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw04gM_lvLqPkBiCXWNZ87xy

A pair of vulnerabilities in the web control panel of IT monitoring system Icinga created a route for even unauthenticated attackers to run arbitrary …

Marcus Hutchins on halting the WannaCry ransomware attack – ‘Still to this day it feels like it …

Read full post . . . or http://www.go-que.com/marcus-hutchins-on-halting-the-wannacry-ransomware-attack-still-to-this-day-it-feels-like-it

Read full post . . . or https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/marcus-hutchins-on-halting-the-wannacry-ransomware-attack-still-to-this-day-it-feels-like-it-was-all-a-weird-dream&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3-UyhRzHX9W4CpQDZ8w5lj

“Still to this day it feels like it was all a weird dream,” Hutchins tells The Daily Swig. “It’s rare for such sophisticated exploits to fall into …
