Google Alert - site: portswigger.net/daily-swig/vulnerabilities


QNAP fixes critical RCE vulnerabilities in NAS devices

The Daily Swig has sent additional questions to QNAP and Lynx Technology. We will update the article if and when we receive responses. This article … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/qnap-fixes-critical-rce-vulnerabilities-in-nas-devices&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNHk51gHzxBKJ5oGaGfx5d-W3eErGA


Vulnerability in Nagios XI exploited by cryptojacking crooks to hijack systems

Security flaw discovered in network monitoring software … The Daily Swig has asked Palo Alto’s research team to offer an estimated number of … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/vulnerability-in-nagios-xi-exploited-by-cryptojacking-crooks-to-hijack-systems&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNGtXwZJ6uFUkxBbYeaEAMEOU_u9rw


Django Debug Toolbar tripped up by SQL injection flaw

Doctored forms pose threat to web framework DevOps plugin … The Daily Swig asked the plugin’s maintainers to offer additional comment on the … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/django-debug-toolbar-tripped-up-by-sql-injection-flaw&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNHjv18RpxZY9bSjtGK89l5MSLlrdg


Codecov users warned after backdoor discovered in DevOps tool

Gaining access. They gained access due to a vulnerability in Codecov’s Docker image creation process that allowed the actor to extract the credential … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/codecov-users-warned-after-backdoor-discovered-in-devops-tool&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNH2ulKJpHSNts2HbNvOCJRyGTZNXQ


Swiss Post launches public bug bounty program with YesWeHack

Qualifying vulnerabilities include remote code execution, cross-site … A spokesperson for Swiss Post told The Daily Swig: “Swiss Post’s IT security … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/swiss-post-launches-public-bug-bounty-program-with-yeswehack&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNHttmnDam4mHY8Znjfu_YfvyknN3Q


Cockpit CMS flaws exposed web servers to NoSQL injection exploits

Cockpit developer Artur Heinze told The Daily Swig that PT Swarm notified him of the vulnerabilities, and a patched version of the CMS was released … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/cockpit-cms-flaws-exposed-web-servers-to-nosql-injection-exploits&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNHcgYbhi6dkG4USmAYQ6M_PS27zSg


When vulnerability disclosure goes sour: New GitHub repo details legal threats and risks faced by …

Speaking to The Daily Swig, researcher Sick Codes, who alongside Jericho and … something that “wouldn’t have happened” on the original website. https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/when-vulnerability-disclosure-goes-sour-github-repo-details-legal-threats-and-risks-faced-by-ethical-hackers&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNF4QCFFc7M7Dyy1sVzJ_4wsC-HBwA


Database destruction vulnerability patched in old Kentico CMS build

NET content management system (CMS) for enterprise websites, … Speaking to The Daily Swig, Stasinopoulos said that “it seems that the root … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/database-destruction-vulnerability-patched-in-old-kentico-cms-build&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNGsGEnwGHoMK_0rsPvZ5RLVJFpXrQ


Behind the Great Firewall: Chinese cyber-espionage adapts to post-Covid world with stealthier …

Threat intelligence experts quizzed by The Daily Swig said that Chinese state-sponsored attackers are at the forefront of developing new or novel … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/behind-the-great-firewall-chinese-cyber-espionage-adapts-to-post-covid-world-with-stealthier-attacks&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNFzYrPi88enTviZeEJAOZHJ353wrg


Cisco router flaws left small business networks open to abuse

Complexity to exploit the vulnerability is “very low”, Florian Lukavsky, managing director of IoT Inspector, told The Daily Swig. The first vulnerability … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/cisco-router-flaws-left-small-business-networks-open-to-abuse&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AFQjCNG58CfI1b95yhfgOlCmoQQF7KV8Wg