Toyota sealed up a backdoor to its global supplier management network The Daily Swig | Cybersecurity news and views 1 year 9 months ago Hacker praises carmaker’s prompt response to the (mercifully) good-faith pwnage
Google engineers plot to mitigate prototype pollution The Daily Swig | Cybersecurity news and views 1 year 9 months ago Plan to create boundary between JavaScript objects and their blueprints gathers momentum
Serious security hole plugged in infosec tool binwalk The Daily Swig | Cybersecurity news and views 1 year 9 months ago Path traversals could ‘void reverse engineering efforts and tamper with evidence collected’
Truffle Security relaunches XSS Hunter tool with new features The Daily Swig | Cybersecurity news and views 1 year 9 months ago Popular hacking aid now available with CORS misconfig detection function following end-of-life announcement
Researcher drops Lexmark RCE zero-day rather than sell vuln ‘for peanuts’ The Daily Swig | Cybersecurity news and views 1 year 9 months ago Printer exploit chain could be weaponized to fully compromise more than 100 models
Bug Bounty Radar // The latest bug bounty programs for February 2023 The Daily Swig | Cybersecurity news and views 1 year 9 months ago New web targets for the discerning hacker
Tell us what you think: The Daily Swig reader survey 2023 The Daily Swig | Cybersecurity news and views 1 year 9 months ago Have your say to be in with the chance to win Burp Suite swag…
Deserialized web security roundup: ‘Catastrophic cyber events’, another T-Mobile breach, more LastPass problems The Daily Swig | Cybersecurity news and views 1 year 9 months ago Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
Facebook two-factor authentication bypass issue patched The Daily Swig | Cybersecurity news and views 1 year 9 months ago Security vulnerability was one of Meta’s top bugs of 2022
Ruby on Rails apps vulnerable to data theft through Ransack search The Daily Swig | Cybersecurity news and views 1 year 9 months ago Several applications were vulnerable to brute-force attacks; hundreds more could be at risk
Trellix automates tackling open source vulnerabilities at scale The Daily Swig | Cybersecurity news and views 1 year 9 months ago More than 61,000 vulnerabilities patched and counting
Yellowfin tackles auth bypass bug trio that opened door to RCE The Daily Swig | Cybersecurity news and views 1 year 9 months ago Pre- and post-auth path to pwnage
Bitwarden responds to encryption design flaw criticism The Daily Swig | Cybersecurity news and views 1 year 9 months ago Password vault vendor accused of making a hash of encryption
IoT vendors faulted for slow progress in setting up vulnerability disclosure programs The Daily Swig | Cybersecurity news and views 1 year 10 months ago Manufacturer complacency ‘translates into an unacceptable risk for consumers’, warns security expert
AWS patches bypass bug in CloudTrail API monitoring tool The Daily Swig | Cybersecurity news and views 1 year 10 months ago Threat actors poking around AWS environments and API calls could stay under the radar
Git security audit reveals critical overflow bugs The Daily Swig | Cybersecurity news and views 1 year 10 months ago Uncovered vulnerabilities include several high, medium, and low-security issues
Popular password managers auto-filled credentials on untrusted websites The Daily Swig | Cybersecurity news and views 1 year 10 months ago Dashlane, Bitwarden, and Safari all cited by Google researchers
Google pays hacker duo $22k in bug bounties for flaws in multiple cloud projects The Daily Swig | Cybersecurity news and views 1 year 10 months ago Six payouts issued for bugs uncovered in Theia, Vertex AI, Compute Engine, and Cloud Workstations
WAGO fixes config export flaw threatening data leak from industrial devices The Daily Swig | Cybersecurity news and views 1 year 10 months ago Severity somewhat blunted by reboot-related caveat
US government announces third Hack The Pentagon challenge The Daily Swig | Cybersecurity news and views 1 year 10 months ago Ethical hackers and bug bounty hunters invited to test Department of Defense assets