Google Alert - site: portswigger.net/daily-swig/vulnerabilities


Tails users warned not to launch bundled Tor Browser until security fix is released – PortSwigger

The vulnerability does not break the anonymity and encryption of Tor connections, meaning that it is still safe and anonymous to access websites from … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/tails-users-warned-not-to-launch-bundled-tor-browser-until-security-fix-is-released&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw1KNk-tGmqsgpmIW8yAA0Mn


DBIR 2022: Ransomware surge increases global data breach woes | The Daily Swig – PortSwigger

A BAE Systems representative added that attackers are still using the same methods to infect systems – network vulnerabilities (open RDP ports) and … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/dbir-2022-ransomware-surge-increases-global-data-breach-woes&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw1rZoyNg-_mEiOMhlpT5pIq


Critical Argo CD vulnerability could allow attackers admin privileges | The Daily Swig – PortSwigger

Luckily for users, application is secure in its default settings. https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/critical-argo-cd-vulnerability-could-allow-attackers-admin-privileges&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3PxtOR8CZdRMjTYqQeNHdk


Blockchain bridge Wormhole pays record $10m bug bounty reward | The Daily Swig – PortSwigger

An attacker exploiting the vulnerability “could have held the entire protocol [to] ransom with the threat that the Ethereum Wormhole bridge would be … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/blockchain-bridge-wormhole-pays-record-10m-bug-bounty-reward&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3JUTEqp82SXSD1ev_pswTn


Yik Yak fixes information disclosure bug that leaked users’ GPS location | The Daily Swig

‘Anonymous’ social network Yik Yak took more than three months to address vulnerabilities that meant it wasn’t anonymous at all, despite reports … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/yik-yak-fixes-information-disclosure-bug-that-leaked-users-gps-location&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw2VkSCKbnN1J1g52s0H2XM2


Widespread Swagger-UI library vulnerability leads to DOM XSS attacks | The Daily Swig

Dawid Moczadło, co-founder of Vidoc Security Lab, published a security advisory on May 16 documenting a DOM cross-site scripting (XSS) vulnerability … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/widespread-swagger-ui-library-vulnerability-leads-to-dom-xss-attacks&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3X0EnY0uPxAg-94AH_EH9V


Revisions to US Computer Fraud and Abuse Act will not prosecute ‘good-faith’ security research

“For example, discovering vulnerabilities in devices in order to extort … of the dating website or using a pseudonym on a social networking site … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/revisions-to-us-computer-fraud-and-abuse-act-will-not-prosecute-good-faith-security-research&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw0ZcwUcrJyr8QJvDBmCHRvY


Active attacks against VMware flaws prompts emergency update directive | The Daily Swig

CISA orders US federal agencies to implement patches ASAP. Active cyber-attacks against VMware installs have prompted the US government to issue … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/active-attacks-against-vmware-flaws-prompts-emergency-update-directive&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw1hTET2gx3ABGxA3WCWpbyF


Encrypted email service CTemplar announces closure | The Daily Swig – PortSwigger

The Icelandic vendor published a short blog post on its website informing users that it will close on May 26, 2022. No reason was given for the … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/encrypted-email-service-ctemplar-announces-closure&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3CmzcYq0RYGPLFxYnDF-7_


Facebook account takeover: Researcher scoops $40k bug bounty for chained exploit – PortSwigger

And, he tells The Daily Swig, the same technique could have been used any other … The Facebook exploit leveraged a series of vulnerabilities, … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/facebook-account-takeover-researcher-scoops-40k-bug-bounty-for-chained-exploit&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw0DQ0Ses5MR0rmvOGLc3_Yr