The Daily Swig | Cybersecurity news and views (all items: 1 year 9 months ago)

We’re going teetotal: It’s goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down

Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker

Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII

Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more

Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed

Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies

CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp

‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway’ into a pen testing career, advises specialist in the field

HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers

Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country

Remote code execution flaw patched in Apache Kafka
Possible RCE and denial-of-service issue discovered in Kafka Connect

Password manager security: Which is the right option for me?
The first guide of our two-part series helps consumers choose the best way to manage their login credentials

Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

OAuth ‘masterclass’ crowned top web hacking technique of 2022
Single sign-on and request smuggling to the fore in another stellar year for web security research

Radio silence from DMS vendor quartet over XSS zero-days
No response or patch yet forthcoming from providers of vulnerable document management systems

New XSS Hunter host Truffle Security faces privacy backlash
Anonymized numbers of bug discoveries swiftly deleted after pushback

Second UK Computer Misuse Act consultation reflects ‘very little progress’
Campaigner bemoans glacial progress of review and urges government to set clear timetable

DOM XSS vulnerability in Gartner Peer Insights widget patched
Web attack vector closed after failed fix