Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed

A recently patched bug in the Chromium project could allow malicious actors to bypass a security feature…
Jessica Haworth 24 February 2023 at 13:09 UTC Updated: 24 February 2023 at 13:15 UTC Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and…
CSF 2.0 blueprint offered up for public review ANALYSIS The US National Institute of Standards and Technology (NIST) is planning significant changes to its Cybersecurity…
Patch released for bug that poses a critical risk to vulnerable technologies A security flaw in a bundle anti-malware scanner product has created a serious…
JFrog argues vulnerability risk metrics need complete revamp ANALYSIS Weaknesses in the existing CVSS scoring system have been highlighted through new research, with existing metrics…
API security is a ‘great gateway’ into a pen testing career, advises specialist in the field INTERVIEW Securing web APIs requires a different approach to…
Ben Dickson 17 February 2023 at 16:05 UTC Updated: 17 February 2023 at 16:07 UTC Exploitation could enable attackers to access backend servers HAProxy, the…
Adam Bannister 15 February 2023 at 16:49 UTC Updated: 15 February 2023 at 17:05 UTC New legal protections for security researchers could be the strongest…
Possible RCE and denial-of-service issue discovered in Kafka Connect Apache has resolved a vulnerability potentially exploitable to launch remote code execution (RCE) attacks using Kafka…
The first guide of our two-part series helps consumers choose the best way to manage their login credentials While we continue to wait for the…
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news KeePass has become the latest password manager utility obliged to defend its…