The Daily Swig

It's an issue that affects everyone. How can users protect their accounts? Martyn recommends services deploy the following:pic.twitter.com/qwVsr5t6pm

“We are in the best industry in the world” – Dan Cuthbert (@dcuthbert) opens this year’s #BSidesLeeds with a look at how infosec has changed, from 90s misfits to Mr. Robot hitting the massespic.twitter.com/GCRaOs3jyk

A power cut in Lagos salvaged Maersk’s network infrastructure during the NotPetya attack of 2017, the shipping conglomerate’s CISO has admitted https://portswigger.net/daily-swig/when-the-screens-went-black-how-notpetya-taught-maersk-to-rely-on-resilience-not-luck-to-mitigate-future-cyber-attacks …pic.twitter.com/Ge15jp6DeO

Day two of #BHEU is well underway. Check out our rolling coverage of the event and catch up on some of the best presentations here: https://portswigger.net/daily-swig/black-hat …pic.twitter.com/LKFezVtgQa

.@PortSwigger’s James Kettle presented his updated HTTP Desync Attacks talk at #BHEU today. Still unfamiliar with this technique? Check out our earlier coverage for the full web stack-smashing details https://portswigger.net/daily-swig/ancient-technique-tears-a-hole-through-modern-web-stacks-at-black-hat-2019 …pic.twitter.com/l9FIEzguPU

“It is disappointing to see Apple use their power to try and destroy a start-up with so much potential” – Maria Markstedter, founder of @azeria_labs, weighs in on the Apple-Corellium lawsuit https://portswigger.net/daily-swig/apple-corellium-lawsuit-raises-concerns-among-security-research-community …pic.twitter.com/XX7sMt0a97

Developments to numerous OWASP security projects were outlined at the #AllDayDevOps conference this week https://portswigger.net/daily-swig/owasp-security-projects-showcased-at-all-day-devops-conference …pic.twitter.com/TF1I21ES1V

Project Zero researcher Sergei Glazunov has demonstrated how to bypass the Payment Handler API that comes bundled with @googlechrome https://portswigger.net/daily-swig/site-isolation-bypass-discovered-in-google-chromes-payment-handler-api …pic.twitter.com/R2aV5mgbQH

October saw the arrival of several new bug bounty programs. Here’s a roundup of the latest targets https://portswigger.net/daily-swig/bug-bounty-radar-october-2019 …pic.twitter.com/MX6tN6oclW

.@CISAgov has issued a reminder that Microsoft is ending support for Windows 7 next year. Check out our earlier coverage for full details https://portswigger.net/daily-swig/millions-of-computers-at-risk-as-windows-7-nears-end-of-life …pic.twitter.com/nseZtpWwz2

New design, who dis? https://portswigger.net/daily-swig pic.twitter.com/Vff6PF5Gab

The Daily Swig’s @cathapman takes @SwissCyberStorm attendees on a tour of the bug bounty landscape this morning #SCS19 https://www.swisscyberstorm.com/schedule/ pic.twitter.com/aK6MsZq1r6

Developer Paul Price (@darkp0rt) has launched an open source tool that searches for leaked secrets in GitHub https://portswigger.net/daily-swig/open-source-tool-for-bug-hunters-searches-for-leaked-secrets-in-github-commits …pic.twitter.com/twT5o1grT2

Introducing ‘AV Oracle’ – a blind SSRF exploit that causes antivirus software to spill private data https://portswigger.net/daily-swig/av-oracle-new-hacking-technique-leverages-antivirus-to-steal-secrets …pic.twitter.com/EYoTKIyQzG

Who let these humans out of the office? The @DailySwig and @PortSwigger teams join forces at #BSidesMCR2019pic.twitter.com/gpzICQkJPP

Pro hacker @N1ckDunn outlines his ‘Black Swan’ threat modelling methodology for non-standard systems and apps at #BSidesMCR2019pic.twitter.com/S0Q6hAq9g9

Onto Track 4, where Elise Manna is talking all about phishing at #BSidesMCR2019pic.twitter.com/3z4EpLjWr1

Spotted: The @PortSwigger team hanging out at #BSidesMCR2019pic.twitter.com/BwKWEOeFER

As per tradition, James Kettle (@albinowax) helps open up @BSidesMCR with a fresh talk on HTTP request smugglingpic.twitter.com/egOvuwOILc

The crowd on Track One gets ready to kick off #BSidesMCR2019pic.twitter.com/Ju9jEASBGA