An analysis of the way in which symlinks are handled by Google’s Chrome browser and other web browsers that use the Chromium web browser project revealed a vulnerability that can result in the theft of sensitive data including crypto wallets and cloud provider credentials. It is dubbed CVE-2022-3656. The issue was partially fixed in Chrome 107 and fully redressed in Chrome 108.
Trustwave SpiderLabs has found a vulnerability in the Sinilink XY-WFT1 Remote WiFi home Thermostat. When running firmware V1.3.6, it allows an attacker to replay the same data or similar data, possibly allowing an attacker to control the device attached to the relay without requiring authentication.
Read also: Twitter says there’s no evidence of a new breach, Microsoft fixes a Windows zero-day, and more.
In this article, we’ll look at Content Security Policy through the eyes of a penetration tester. We will outline the advantages of CSP, explain why you should have it on your site, and share some common misconfigurations that can be exploited, along with the relevant bypass scenarios. What is Content Security Policy?
Coming off a rough and wild end to 2021 with Log4Shell in all our minds, Snyk jumped out of the gates quickly and began providing the AppSec world with new capabilities that did not disappoint. In this blog, you can review most of the key investments we made in 2022 to improve performance, add new ecosystems, and support the enterprise.
2022 was another record-breaking year for the Snyk platform. Helping an ever-growing number of customers find and fix issues across all the components making up their applications, the Snyk platform enabled over 2,500 customers during 2022 to import over 6.7 million projects, execute over 3 billion tests, and fix over 5 million issues!
