Google Alert - site: portswigger.net/daily-swig/vulnerabilities


Research roadblock? Security pros weigh in on China’s new vulnerability disclosure law

Security pros weigh in on China’s new vulnerability disclosure law … and member of ISACA’s Emerging Trends Working Group, told The Daily Swig. https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/research-roadblock-security-pros-weigh-in-on-chinas-new-vulnerability-disclosure-law&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNHltms2A3ChLzO-1_vpJ-r0yU3JQQ


Dozens of web apps vulnerable to DNS cache poisoning via ‘forgot password’ feature

Vulnerabilities in the way websites resolve email domains have left many … to obtain password reset URLs in emails,” Longin told The Daily Swig. https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/dozens-of-web-apps-vulnerable-to-dns-cache-poisoning-via-forgot-password-feature&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNFSficbfvr3TjOmF3baQALg0m8uQg


Multiple encryption flaws uncovered in Telegram messaging protocol

Royal Holloway professor Martin Albrecht told The Daily Swig that the researchers offered lessons for other developers of secure messaging apps … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/multiple-encryption-flaws-uncovered-in-telegram-messaging-protocol&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNFzfGqXfRk95Zt1r7EwODewbckxJQ


Respect in Security: New infosec campaign aims to stamp out harassment

Speaking to The Daily Swig, Marc Avery, director at Cyber Chain Alliance and co-founder of Respect in Security, said one of the main issues in the … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/respect-in-security-new-infosec-campaign-aims-to-stamp-out-harassment&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNEoVBztEy3jJuWRgrQjTu6qgBOdBQ


Loyalty management tech firm Antavo launches bug bounty program

Our program is in a highlighted position on their platform.” Csaba Mészáros, co-CEO of Hacktify International, told The Daily Swig that “incoming bug … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/loyalty-management-tech-firm-antavo-launches-bug-bounty-program&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNGrvhQX93IjiyfB9cwIJ4a1pN7DbA


cURL developers take a second shot at fixing information disclosure flaw

Developers have taken a second stab at fixing a tricky flaw in cURL, the … writing test cases for it) – mistakes easily happen,” he told The Daily Swig. https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/curl-developers-take-a-second-shot-at-fixing-information-disclosure-flaw&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNGC4YrjBGYnI0IXm-XR2yDFdITwwQ


WordPress 5.8 update extends Site Health interface for developers

WordPress has extended its Site Health interface for developers, allowing for greater visibility over potential security flaws. Version 5.8 of WordPress … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/wordpress-5-8-update-extends-site-health-interface-for-developers&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNFl7yLFMxyPhd1t98nwVIgtEBL1fA


Update now: TIBCO Data Virtualization software vulnerable to RCE via third-party flaws, claims …

TIBCO has yet to respond to The Daily Swig’s invitation to comment, but we will … Ribeiro said he previously exploited the BeanShell flaw in DrayTek … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/update-now-tibco-data-virtualization-software-vulnerable-to-rce-via-third-party-flaws-claims-researcher&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNEgN1V9wPav6JiSjnjUcpSpb28BhQ


Chained vulnerabilities in Aruba Networks firmware allowed remote code execution on routers

“We have Aruba routers providing us web access in our office,” Greenhut told The Daily Swig. “Our research started because we were working from … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/chained-vulnerabilities-in-aruba-networks-firmware-allowed-remote-code-execution-on-routers&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNGilJyBMmwKAH-Z6VXbSDObiPPKVw


Umbraco flags pending security patch for RCE vulnerability in forms package

Umbraco declined to comment further in response to a query from The Daily Swig. This article may be updated with further details following the release … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/umbraco-flags-pending-security-patch-for-rce-vulnerability-in-forms-package&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNFxQ1iJWuPoKV5hZ5PSRkB34s-40g