Toyota sealed up a backdoor to its global supplier management network
Adam Bannister 07 February 2023 at 17:34 UTC Updated: 14 February 2023 at 11:15 UTC A security researcher recently commended Toyota for its swift action in responding to a reported security vulnerability, which thankfully did not lead to malicious exploitation. UPDATED: This article was revised on February 13 to address earlier claims regarding SHI International’s role…
DOM XSS vulnerability in Gartner Peer Insights widget patched
Charlie Osborne 08 February 2023 at 13:42 UTC Updated: 20 February 2023 at 12:31 UTC Web attack vector resolved following insufficient initial fixes. An image showcasing the issue has been replaced with a new reference image: Gartner has addressed a DOM XSS vulnerability identified in its Peer Insights widget, a security concern that researchers believe has…
New XSS Hunter host Truffle Security faces privacy backlash
Adam Bannister 09 February 2023 at 17:12 UTC Updated: 22 February 2023 at 15:09 UTC Concerns arise as anonymized data regarding bug discoveries is removed following community feedback. UPDATED, February 22. On February 21, Truffle Security announced the addition of optional end-to-end encryption to its XSS Hunter fork, prompting favorable reactions on Twitter. The developers…
Radio silence from DMS vendor quartet over XSS zero-days
No updates or patches have been provided by the vendors of the affected document management systems. Recent research has highlighted several critical vulnerabilities in document management systems (DMS) affecting four enterprise-level providers, who have yet to address the security concerns. In a blog entry released on February 7, Tod Beardsley, director of research at Rapid7,…
OAuth ‘masterclass’ crowned top web hacking technique of 2022
Adam Bannister 10 February 2023 at 14:56 UTC Updated: 10 February 2023 at 16:10 UTC Single sign-on and request smuggling emerged as prominent topics in another remarkable year for web security research. Detectify founder Frans Rosén has secured the top spot in PortSwigger’s list of the most significant web hacking techniques of 2022 with his…
Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack
Welcome to your biweekly summary of application security vulnerabilities, emerging hacking techniques, and the latest news in cybersecurity. KeePass has recently found itself defending its integrity following allegations of a security vulnerability. Security researchers have signaled that a potential flaw could enable a trigger that exports all data from the KeePass database in clear text,…
Remote code execution flaw patched in Apache Kafka
Charlie Osborne 15 February 2023 at 14:01 UTC Updated: 17 February 2023 at 11:07 UTC New vulnerabilities identified in Kafka Connect can lead to remote code execution (RCE) and potential denial-of-service attacks. UPDATED: The Apache Software Foundation (ASF) has patched a critical vulnerability allowing for exploitation via Kafka Connect. First disclosed on February 8, this…
HTTP request smuggling bug patched in HAProxy
Exploitation of this bug can allow attackers to gain access to backend servers. HAProxy, a widely used open source load balancer and reverse proxy, has addressed a critical vulnerability that permitted attackers to execute HTTP request smuggling attacks. Through the submission of specially crafted HTTP requests, an attacker could potentially sidestep HAProxy’s protective filters, allowing…
‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector
API security presents a valuable entry point into a career in penetration testing, according to an expert in the field. INTERVIEW Securing web APIs requires a specialized approach rather than relying on traditional web application security, as standard tests often overlook prevalent vulnerabilities. This perspective is shared by API security specialist Corey J Ball, who…
