The Daily Swig | Cybersecurity news and views Keeping you up to date with the latest cybersecurity news from around the world.
- We’re going teetotal: It’s goodbye to The Daily Swig on March 2, 2023 at 2:05 pm
PortSwigger today announces that The Daily Swig is closing down
- Bug Bounty Radar // The latest bug bounty programs for March 2023 on February 28, 2023 at 7:15 pm
New web targets for the discerning hacker
- Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses on February 28, 2023 at 2:15 pm
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII
- Password managers: A rough guide to enterprise secret platforms on February 27, 2023 at 3:30 pm
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
- Chromium bug allowed SameSite cookie bypass on Android devices on February 27, 2023 at 11:50 am
Protections against cross-site request forgery could be bypassed
- Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption on February 24, 2023 at 1:09 pm
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
- NIST plots biggest ever reform of Cybersecurity Framework on February 23, 2023 at 3:55 pm
CSF 2.0 blueprint offered up for public review
- Cisco ClamAV anti-malware scanner vulnerable to serious security flaw on February 22, 2023 at 2:23 pm
Patch released for bug that poses a critical risk to vulnerable technologies
- CVSS system criticized for failure to address real-world impact on February 21, 2023 at 3:34 pm
JFrog argues vulnerability risk metrics need complete revamp
- ‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector on February 20, 2023 at 1:58 pm
API security is a ‘great gateway’ into a pen testing career, advises specialist in the field
- HTTP request smuggling bug patched in HAProxy on February 17, 2023 at 4:05 pm
Exploitation could enable attackers to access backend servers
- Belgium launches nationwide safe harbor for ethical hackers on February 15, 2023 at 4:49 pm
New legal protections for security researchers could be the strongest of any EU country
- Remote code execution flaw patched in Apache Kafka on February 15, 2023 at 2:01 pm
Possible RCE and denial-of-service issue discovered in Kafka Connect
- Password manager security: Which is the right option for me? on February 14, 2023 at 3:58 pm
The first guide of our two-part series helps consumers choose the best way to manage their login credentials
- Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack on February 10, 2023 at 4:30 pm
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
- OAuth ‘masterclass’ crowned top web hacking technique of 2022 on February 10, 2023 at 2:56 pm
Single sign-on and request smuggling to the fore in another stellar year for web security research
- Radio silence from DMS vendor quartet over XSS zero-days on February 10, 2023 at 11:55 am
No response or patch yet forthcoming from providers of vulnerable document management systems
- New XSS Hunter host Truffle Security faces privacy backlash on February 9, 2023 at 5:12 pm
Anonymized numbers of bug discoveries swiftly deleted after pushback
- Second UK Computer Misuse Act consultation reflects ‘very little progress’ on February 8, 2023 at 5:02 pm
Campaigner bemoans glacial progress of review and urges government to set clear timetable
- DOM XSS vulnerability in Gartner Peer Insights widget patched on February 8, 2023 at 1:42 pm
Web attack vector closed after failed fix
- Toyota sealed up a backdoor to its global supplier management network on February 7, 2023 at 5:34 pm
Hacker praises carmaker’s prompt response to the (mercifully) good-faith pwnage
- Google engineers plot to mitigate prototype pollution on February 6, 2023 at 3:57 pm
Plan to create boundary between JavaScript objects and their blueprints gathers momentum
- Serious security hole plugged in infosec tool binwalk on February 3, 2023 at 4:36 pm
Path traversals could ‘void reverse engineering efforts and tamper with evidence collected’
- Truffle Security relaunches XSS Hunter tool with new features on February 2, 2023 at 3:08 pm
Popular hacking aid now available with CORS misconfig detection function following end-of-life announcement
- Researcher drops Lexmark RCE zero-day rather than sell vuln ‘for peanuts’ on February 1, 2023 at 12:18 pm
Printer exploit chain could be weaponized to fully compromise more than 100 models
- Bug Bounty Radar // The latest bug bounty programs for February 2023 on January 31, 2023 at 3:13 pm
New web targets for the discerning hacker
- Tell us what you think: The Daily Swig reader survey 2023 on January 29, 2023 at 2:03 pm
Have your say to be in with the chance to win Burp Suite swag…
- Deserialized web security roundup: ‘Catastrophic cyber events’, another T-Mobile breach, more LastPass problems on January 27, 2023 at 4:48 pm
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
- Facebook two-factor authentication bypass issue patched on January 27, 2023 at 11:50 am
Security vulnerability was one of Meta’s top bugs of 2022
- Ruby on Rails apps vulnerable to data theft through Ransack search on January 26, 2023 at 5:27 pm
Several applications were vulnerable to brute-force attacks; hundreds more could be at risk