F5 fixes high severity RCE bug in BIG-IP, BIG-IQ devices
Adam Bannister 16 November 2022 at 15:02 UTC Updated: 16 November 2022 at 15:06 UTC Widespread exploitation deemed ‘unlikely’ given hurdles Security vendor F5 has…
Category: PortSwigger
Google Roulette: Developer console trick can trigger XSS in Chromium browsers
Ben Dickson 17 November 2022 at 13:16 UTC Updated: 17 November 2022 at 14:10 UTC A case study on the complexity of browser security Malicious…
HackerOne encourages customers to adopt standard policy to protect hackers from legal problems
John Leyden 17 November 2022 at 15:27 UTC Updated: 28 November 2022 at 14:59 UTC ‘Short, broad, easily-understood safe harbor statement’ offered HackerOne has revamped…
Ibexa DXP patched for GraphQL password hash leak vulnerability
Organizations advised to mandate password resets out of caution Norwegian software firm Ibexa is urging users to apply a new patch immediately to resolve a…
Mastodon vulnerable to multiple system configuration problems
John Leyden 22 November 2022 at 15:23 UTC Updated: 23 November 2022 at 10:47 UTC The whole toot Multiple instances of social media platform Mastodon…
Vulnerability in AWS AppSync allowed unauthorized access to cloud resources
Ben Dickson 25 November 2022 at 10:22 UTC Updated: 25 November 2022 at 11:17 UTC Attackers could gain full control of a cloud-hosted database A…
ConnectWise closes XSS vector for remote hijack scams
Researchers also applaud abandonment of customization feature abused by scammers A cross-site scripting (XSS) vulnerability in ConnectWise Control, the remote monitoring and management (RMM) platform,…
How to become a penetration tester: Part 1 – your path into offensive security testing
Fancy a career in what one practitioner described as the ‘best job in the world’? Read on to find out how… Since you’re reading The…
Million-dollar bug bounties: The rise of record-breaking payouts
As seven-figure vulnerability rewards continue to hit headlines, what is driving bug bounty inflation? Bug bounty rewards have breached the $1 million mark, and there…
Intel disputes seriousness of Data Centre Manager authentication flaw
Security researcher scores $10K bug bounty A security researcher has released details of how they were able to hack Intel’s Data Center Manager (DCM). More…
Tailscale VPN nodes vulnerable to DNS rebinding, RCE
Users should manually update to the latest version now UPDATED A series of flaws in Tailscale, an open source mesh virtual private network (VPN) software,…
Bug Bounty Radar // The latest bug bounty programs for December 2022
New web targets for the discerning hacker Bug bounty platform HackerOne has launched a scheme to encourage customers to adopt a standard policy geared towards…