Facebook two-factor authentication bypass issue patched
Security vulnerability was one of Meta’s top bugs of 2022 Meta has patched a vulnerability in Facebook that could have allowed an attacker to bypass…
Category: PortSwigger
Ruby on Rails apps vulnerable to data theft through Ransack search
Ben Dickson 26 January 2023 at 17:27 UTC Updated: 26 January 2023 at 17:33 UTC Several applications were vulnerable to brute-force attacks; hundreds more could…
Trellix automates tackling open source vulnerabilities at scale
Charlie Osborne 26 January 2023 at 13:52 UTC Updated: 26 January 2023 at 13:55 UTC More than 61,000 vulnerabilities patched and counting Trellix has patched…
Yellowfin tackles auth bypass bug trio that opened door to RCE
Pre- and post-auth path to pwnage A trio of authentication bypass bugs stemming from the use of hardcoded keys have been patched in popular enterprise…
Bitwarden responds to encryption design flaw criticism
Password vault vendor accused of making a hash of encryption Password vault vendor Bitwarden has responded to renewed criticism of the encryption scheme it uses…
IoT vendors faulted for slow progress in setting up vulnerability disclosure programs
John Leyden 24 January 2023 at 13:22 UTC Updated: 24 January 2023 at 13:30 UTC Manufacturer complacency ‘translates into an unacceptable risk for consumers’, warns…
AWS patches bypass bug in CloudTrail API monitoring tool
Threat actors poking around AWS environments and API calls could stay under the radar Amazon Web Services (AWS) has patched a bypass bug that attackers…
Tell us what you think: The Daily Swig reader survey 2023
Have your say to be in with the chance to win Burp Suite swag… UPDATED The Daily Swig, the brainchild of PortSwigger, the makers of Burp…
Git security audit reveals critical overflow bugs
Uncovered vulnerabilities include several high, medium, and low-security issues A security audit of the source code for Git has revealed several vulnerabilities, including two critical…
Popular password managers auto-filled credentials on untrusted websites
John Leyden 20 January 2023 at 12:09 UTC Updated: 20 January 2023 at 12:12 UTC Dashlane, Bitwarden, and Safari all cited by Google researchers Security…
Google pays hacker duo $22k in bug bounties for flaws in multiple cloud projects
Six payouts issued for bugs uncovered in Theia, Vertex AI, Compute Engine, and Cloud Workstations Vulnerabilities in four Google Cloud Platform (GCP) projects have earned…
WAGO fixes config export flaw threatening data leak from industrial devices
Charlie Osborne 18 January 2023 at 15:34 UTC Updated: 18 January 2023 at 15:52 UTC Severity somewhat blunted by reboot-related caveat Security researchers have disclosed…