About

Latest manipulator-in-the-middle attacks

Manipulator-in-the-middle (previously referred to as ‘man-in-the-middle’) attacks involve scenarios where attackers successfully position themselves between a target and a trusted entity or resource.

In a traditional manipulator-in-the-middle (MitM) attack, a malicious actor relays communications between two parties who wrongly believe they are speaking directly to each other.

Using the latest MitM attacks and tactics, an attacker can eavesdrop on communications or alter the contents of an exchange between third parties.

The Daily Swig covers recent manipulator-in-the-middle attacks, offering insight and advice about evolving MitM attacks and tactics.


Vulnerability in Apache Pulsar allowed manipulator-in-the-middle attacks

28 September 2022: Clients vulnerable due to improper certificate validation

NETGEAR resolves router bugs in bundled gaming component

16 September 2022: Silicon Valley vendor tackles command injection and MitM-to-RCE issues

Uber hack

16 September 2022: Social engineering attack uncovers hardcoded secrets in PowerShell script

Browser-powered desync

11 August 2022: New class of HTTP request smuggling attacks showcased at Black Hat USA

Perfect timing

10 August 2022: Cisco router flaw gives patient attackers full access to SME networks

DNS amplification

25 July 2022: Adversarial attacks can cause denial of service and fool network defense systems

Breaking the chain

22 July 2022: Zyxel firewall vulnerabilities left business networks open to abuse

GPS hacker

20 July 2022: Zero-days in tracking device pose surveillance, fuel cut-off risks

Tor Browser 11.5

19 July 2022: New release enables users to automatically circumvent censorship

‘Untenable risk to Firefox users’

15 July 2022: Crunch time for EU web authentication plan as Mozilla launches campaign to protect status quo

One in every 13 incidents blamed on API insecurity

22 June 2022: Larger organizations are statistically more at risk, warns Imperva

HTTP/3 RFC

07 June 2022: The backbone of the internet has received a major upgrade

Yik Yak fixes MitM bug that leaked users’ GPS location

23 May 2022: Hairy MitM exploit independently discovered by two security researchers

TLStorm 2.0

04 May 2022: Millions of Aruba and Avaya network switches affected by RCE flaws

Introducing vAPI

17 January 2022: Open source lab environment aims to improve API security

‘Add yourself as super admin’

11 November 2021: Researcher details bug that exposed GSuite accounts to full takeover

NSA warns of heightened wildcard TLS certificate risk

12 October 2021: Wild Alpaca peril

The future of browser security

29 September 2021: Check out the latest features destined for mobile and desktop

‘Mission accomplished’

28 September 2021: Security plugin HTTPS Everywhere to be deprecated in 2022

Parental advisory

23 September 2021: Netgear fixes RCE flaw in routers’ parental controls feature

Russian retailer issues DEXP phone recall following security audit

06 September 2021: Electronics retailer DNS issued the product recall after a security researcher published their findings last week

‘Nasty stuff’

03 September 2021: Research into Russian push-button cellphones uncovers legion of privacy and security issues

Attacking Let’s Encrypt

06 August 2021: Downgrade attack lowers the bar for printing fraudulent SSL certificates

PwnedPiper

02 August 2021: Critical flaws in TransLogic Pneumatic Tube System could see attackers sabotage hospital operations

Multiple encryption flaws discovered in Telegram messaging protocol

22 July 2021: Vulnerabilities highlight risks of ‘knit-your-own’ crypto

HTTPSafeguard

15 July 2021: Google to bolster Chrome privacy protections with HTTPS-First Mode

Dell WMS subject to database exposure, session hijacking

08 July 2021: Vulnerabilities were identified that could 'compromise administrative sessions'

Filesec.io

07 July 2021: New project catalogs malicious file extensions being used by attackers

Firmware vulnerabilities in Netgear routers created security risk

02 July 2021

Colonial Pipeline cyber-attack

09 June 2021: US authorities seize $2.3m in DarkSide ransomware payments

Lasso bug, roped up

03 June 2021: Akamai offers comprehensive post-mortem on recently resolved authentication platform vulnerability

Bluetooth pairing pwned

26 May 2021: Security researchers discover fresh wave of ‘impersonation attack’ flaws in wireless tech

Remote control

10 May 2021: Remote Mouse mobile app contains raft of zero-day RCE vulnerabilities

Troy Hunt at Black Hat Asia

06 May 2021: ‘We’re making it difficult for people to make good security decisions’

Sun, sea, and censorship

06 May 2021: Mauritian government’s plan to intercept web traffic marks ‘death knell for freedom of speech’

Second factor secrets

16 April 2021: Duo 2FA tricked into sending authentication request to attacker-controlled device

Cisco router flaws left small business networks open to abuse

14 April 2021: Complexity to exploit authentication bypass bug ‘very low’

BleedingTooth RCE

08 April 2021: Google drops full details of zero-click Linux Bluetooth bug chain

Nzyme of the times

30 March 2021: New WiFi defense system detects and locates ‘bandit’ devices

LocalStack 0days

15 March 2021: Vulnerabilities chained to achieve remote takeover of local instances