Source
PortSwigger
Bulletproof hosting duo jailed over support of cyber-attacks against US targets
Attacks leveraging defendants’ infrastructure inflicted heavy financial losses on victims
Security pre-advisories: A simple way to improve the patch management process
Improving enterprise security, one patch at a time
Historic scientific notation bug foils WAF defenses
AWS WAF and ModSecurity get ‘blinded by science’
Slack contains an XSLeak vulnerability that de-anonymizes users
Research inspired by similar flaws previously unearthed in Facebook, Twitter, and Microsoft Live
(ISC)² hopes diversity drive will hasten glacial progress on plugging infosec workforce gap
CEO tells (ISC)² Security Congress how orgs should rethink hiring strategies
L0phtCrack password auditing tool goes open source
Original developers invite OS community to develop further capabilities
Node.js was vulnerable to a novel HTTP request smuggling technique
Bad line termination and incorrect parsing of chunk extensions exposed one of two HRS flaws
Bugs in malware create ‘backdoors’ for security researchers
Black hat trickery switched around to boost security defenses
Google, Mozilla close to finalizing Sanitizer API for Chrome and Firefox browsers
Latest specification is a work in progress
Missouri governor criticized for confusing vulnerability disclosure with criminal hacking
Politician’s accusations unleash torrent of criticism and snarky memes from incredulous infosec pros