(auto updated daily)

• We’re going teetotal: It’s goodbye to The Daily Swig
  March 2, 2023
  PortSwigger today announces that The Daily Swig is closing down

• We’re going teetotal: It’s goodbye to The Daily Swig
• Bug Bounty Radar // The latest bug bounty programs for March 2023
• Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
• Password managers: A rough guide to enterprise secret platforms
• Chromium bug allowed SameSite cookie bypass on Android devices
• Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
• NIST plots biggest ever reform of Cybersecurity Framework
• Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
• CVSS system criticized for failure to address real-world impact
• ‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector
• HTTP request smuggling bug patched in HAProxy
• Belgium launches nationwide safe harbor for ethical hackers
• Remote code execution flaw patched in Apache Kafka
• Password manager security: Which is the right option for me?
• Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack
• OAuth ‘masterclass’ crowned top web hacking technique of 2022
• Radio silence from DMS vendor quartet over XSS zero-days
• New XSS Hunter host Truffle Security faces privacy backlash
• Second UK Computer Misuse Act consultation reflects ‘very little progress’
• DOM XSS vulnerability in Gartner Peer Insights widget patched
• Toyota sealed up a backdoor to its global supplier management network
• Google engineers plot to mitigate prototype pollution
• Serious security hole plugged in infosec tool binwalk
• Truffle Security relaunches XSS Hunter tool with new features
• Researcher drops Lexmark RCE zero-day rather than sell vuln ‘for peanuts’
• Bug Bounty Radar // The latest bug bounty programs for February 2023
• Tell us what you think: The Daily Swig reader survey 2023
• Deserialized web security roundup: ‘Catastrophic cyber events’, another T-Mobile breach, more LastPass problems
• Facebook two-factor authentication bypass issue patched
• Ruby on Rails apps vulnerable to data theft through Ransack search
• Trellix automates tackling open source vulnerabilities at scale
• Yellowfin tackles auth bypass bug trio that opened door to RCE
• Bitwarden responds to encryption design flaw criticism
• IoT vendors faulted for slow progress in setting up vulnerability disclosure programs
• AWS patches bypass bug in CloudTrail API monitoring tool
• Git security audit reveals critical overflow bugs
• Popular password managers auto-filled credentials on untrusted websites
• Google pays hacker duo $22k in bug bounties for flaws in multiple cloud projects
• WAGO fixes config export flaw threatening data leak from industrial devices
• US government announces third Hack The Pentagon challenge

TechNewsFeeds.com – A great resource to quickly preview news feeds from over 200 popular tech news websites and blogs.