The Daily Swig

New differential fuzzing tool reveals novel HTTP request smuggling techniques

Researchers have released a new fuzzing tool used for finding novel HTTP request smuggling techniques. The tool, dubbed ‘T-Reqs’, was built by a team from Northeastern University, Boston, and Akamai.

WordPress security plugin Hide My WP addresses SQL injection, deactivation flaws

Hide My WP, a popular WordPress security plugin, contained a serious SQL injection (SQLi) vulnerability and a security flaw that enabled unauthenticated attackers to deactivate the software.

Data Breach at New Mexico Healthcare Business Impacts 62,000 State Residents

The personally identifiable information of more than 62,000 U.S. citizens may have been compromised following a cyber-attack against a New Mexico-based healthcare insurer.

VMware addresses SSRF, arbitrary file read flaws in vCenter Server

With a CVSS rating of 7.5, the most severe is the arbitrary file read bug (CVE-2021-21980), abuse of which could potentially enable a malicious actor to gain access to sensitive information.

Researcher finds SSRF bug in internal Google Cloud project, nabs $10,000 bug bounty

Now fixed, the bug, which researcher David Schütz has documented in a comprehensive video and blog post, could have allowed an attacker to access sensitive resources and possibly run malicious code.

CKEditor vulnerabilities pose XSS threat to Drupal and other downstream applications

A pair of cross-site scripting (XSS) bugs, which are deemed ‘moderately critical’ by Drupal, could have a far-reaching impact since CKEditor is incorporated into numerous online applications.

Tor Project unveils plans to route device traffic through Tor anonymity network with new VPN-like service

The development work will initially involve a collaboration between developers on the Tor Project and Guardian Project, which is known for Orbot, a proxy server that provides anonymity to users.

Microsoft fixes reflected XSS in Exchange Server

The bug (CVSS score 6.5) has a low attack complexity, according to Microsoft, which published a security advisory on November 9 indicating that there was no evidence of in-the-wild exploitation.

Server-side vulnerabilities in Concrete CMS put thousands of websites under threat

Multiple security vulnerabilities in a popular open source content management system (CMS) could allow a malicious attacker to gain full control of the underlying web server.

Number of cyber-attacks infiltrating critical New Zealand networks soars

Ransomware and denial-of-service attacks, both rife in line with international trends, accounted for a significant share of post-compromise attacks against New Zealand-based targets.
