Friday 13 January 2023

Yikes, Control Web Panel has Critical RCE — Patch NOW - Security Boulevard

CWP RCE CVE POC BBQ: Linanto’s popular web hosting control panel, CWP, has a nasty flaw. It’s easily exploitable—in fact, it’s being exploited right now.

Thursday 12 January 2023

FAA Ground Stop due to Technical Debt? | Don’t Do DIY Crypto! - DevOps.com

The moral of the story: Don’t settle for what life gives you—make life better and build something

Wednesday 11 January 2023

If you don't love me now: JsonWebToken breaks the software supply chain (again) - ReversingLabs

JWT type confusion: Yes, here’s another example of the risks in uncontrolled software supply chains. This npm library is relied upon by countless apps and services — perhaps yours.

Tuesday 10 January 2023

Digital License Plates: Stupid, Pointless, Insecure - Security Boulevard

The ‘S’ in IoT is for Security: Reviver’s Rplate digital license plates are inherently insecure: Their design seems to be riddled with privacy holes, given the apparent lack of API security, which is easily defeated.

Monday 9 January 2023

CES 2023 FAIL: Worst in Show for Security and Privacy - Security Boulevard

This Happened in Vegas — it Should Stay in Vegas: The Consumer Electronics Show wrapped up yesterday. But some vendors faced stiff criticism over their privacy and security stances.