Category: PortSwigger

Black Hat Europe redux: The top web hacking talks for 2022
26 Dec 2022
Catch up on the highlights of last week’s cybersecurity conference
Alongside the release of hacking tools and a thought-provoking keynote,…

Cloud flaws brought to the fore as bug bounty vulnerabilities hit 65k in 2022 – HackerOne
26 Dec 2022
Impact of cloud migration and shift to remote work evident in new report
Bug bounty hunters are increasingly unearthing cloud-based…

Akamai WAF bypassed via Spring Boot to trigger RCE
26 Dec 2022
Charlie Osborne, 14 December 2022 at 12:01 UTC (updated 19 December 2022 at 09:53 UTC)
Akamai issued an update to…

Critical IP spoofing bug patched in Cacti
26 Dec 2022
‘Not that hard to execute if attacker has access to a monitoring platform running Cacti’
A dangerous bug in Cacti,…

Deserialized web security roundup – Fortinet, Citrix bugs; another Uber breach; hacking NFTs at Black Hat
26 Dec 2022
John Leyden, 16 December 2022 at 17:43 UTC (updated 19 December 2022 at 14:19 UTC)
Your fortnightly rundown of AppSec…

Safeurl HTTP library brings SSRF protection to Go applications
26 Dec 2022
Prizes offered to anyone who can bypass the library and capture the flag
A new open source library designed to…

Akamai wrestles with AWS S3 web cache poisoning bug
26 Dec 2022
Definitive solution is ‘non-trivial’ since behavior arises from customers processing non-RFC compliant requests
A vulnerability in how Akamai retrieves Amazon…

How to become a penetration tester: Part 2 – ‘Mr Hacking’ John Jackson on the virtue of ‘endless curiosity’
26 Dec 2022
Marine Corps engineer-turned offensive security expert offers careers advice and his best and worst experiences
John Jackson has been working…

Password theft bug chain patched in Passwordstate credential manager
26 Dec 2022
Flaws could be combined to grab passwords in cleartext
Vulnerabilities in enterprise password manager Passwordstate that could be combined to…

Zoom Whiteboard patches XSS bug
26 Dec 2022
Ben Dickson, 22 December 2022 at 12:00 UTC (updated 22 December 2022 at 12:03 UTC)
Video conferencing platform fixes cross-site…

Lean, green coding machine: How sustainable computing drive can reduce attack surfaces
26 Dec 2022
Less is often more when it comes to both infosec and eco-friendly computing practices
Reducing the carbon footprint of computing…

Finding the next Log4j – OpenSSF’s Brian Behlendorf on pivoting to a ‘risk-centred view’ of open source development
26 Dec 2022
Apache pioneer says ‘use at your own risk’ model no longer tenable as OpenSSF ramps up end user engagement
The…