Category: PortSwigger

Stupid security 2022 – this year’s infosec fails

Epic web security fails and salutary lessons from another inevitably eventful year in infosec As 2022 draws to a close, The Daily Swig is revisiting…

December 29, 2022 Cybernoz 4 min read

Passport-SAML auth bypass triggers fix of critical, upstream XMLDOM bug

Adam Bannister 08 November 2022 at 16:33 UTC Updated: 25 November 2022 at 10:37 UTC Rapid remedy follows reawakening of long-dormant bug threat A critical…

December 28, 2022 Cybernoz 3 min read

CSS injection flaw patched in Acronis cloud management console

CSRF attacks could be triggered to access and exfiltrate information A security researcher has disclosed a CSS injection flaw in Acronis software which could be…

December 28, 2022 Cybernoz 3 min read

Google Pixel screen-lock hack earns researcher $70k

John Leyden 10 November 2022 at 16:14 UTC Updated: 11 November 2022 at 11:23 UTC Android security pwned by PUK reset trick A security researcher…

December 28, 2022 Cybernoz 3 min read

CSRF in Plesk API enabled server takeover

Ben Dickson 11 November 2022 at 11:31 UTC Updated: 11 November 2022 at 16:51 UTC Bugs in programming interfaces of web hosting admin tool patched…

December 28, 2022 Cybernoz 3 min read

Prototype pollution project yields another Parse Server RCE

Adam Bannister 11 November 2022 at 15:37 UTC Updated: 02 December 2022 at 11:49 UTC Bug emerges from ambition to find ‘end-to-end exploits beyond DoS’…

December 28, 2022 Cybernoz 3 min read

All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks

Adam Bannister 14 November 2022 at 16:16 UTC Updated: 24 November 2022 at 12:50 UTC AppSec engineer keynote says Log4j revealed lessons were not learned…

December 28, 2022 Cybernoz 3 min read

Mastodon users vulnerable to password-stealing attacks

Jessica Haworth 15 November 2022 at 15:39 UTC Updated: 15 November 2022 at 15:47 UTC Patched bug could have leaked credentials Attackers could steal password…

December 28, 2022 Cybernoz 3 min read

Zendesk Explore flaws opened the door to account pillage

John Leyden 15 November 2022 at 16:10 UTC Updated: 16 November 2022 at 11:18 UTC Patched SQLi and logical access vulnerabilities posed serious risk Security…

December 28, 2022 Cybernoz 3 min read

F5 fixes high severity RCE bug in BIG-IP, BIG-IQ devices

Adam Bannister 16 November 2022 at 15:02 UTC Updated: 16 November 2022 at 15:06 UTC Widespread exploitation deemed ‘unlikely’ given hurdles Security vendor F5 has…

December 28, 2022 Cybernoz 3 min read

Google Roulette: Developer console trick can trigger XSS in Chromium browsers

Ben Dickson 17 November 2022 at 13:16 UTC Updated: 17 November 2022 at 14:10 UTC A case study on the complexity of browser security Malicious…

December 28, 2022 Cybernoz 3 min read

HackerOne encourages customers to adopt standard policy to protect hackers from legal problems

John Leyden 17 November 2022 at 15:27 UTC Updated: 28 November 2022 at 14:59 UTC ‘Short, broad, easily-understood safe harbor statement’ offered HackerOne has revamped…

December 28, 2022 Cybernoz 2 min read