exploresecurity (@exploresecurity)'s Twitter Profile
exploresecurity

@exploresecurity

IT security miscellany, commentary and curiosities || the geeky alter ego of @MrJeromeSmith || thoughts are my own (who else's would they be?)

ID: 1287058142

Link: http://www.exploresecurity.com

Date: 21-03-2013 21:51:29

949 Tweets

703 Followers

217 Following

Burp Suite (@burp_suite)

Want to create customized scans without learning to build an extension? Extend Burp Scanner's capabilities quickly and easily, with a BCheck, to scan applications for exactly what you're looking for. Coming to stable soon. #bchecks portswigger.net/burp/documenta…

exploresecurity (@exploresecurity)

Excellent customer service from Richer Sounds. Rang to query why 6yr guarantee unavailable on a product I was looking at (when it was on a similar product). 4 hours later - not only do they ring me back to tell me it was a mistake but they've fixed the website. Good job!

exploresecurity (@exploresecurity)

Is there really no way Just Eat UK that a lost-n-found gift card can be reactivated? I assume it's expired (website only says "invalid" and have triple-checked code). Having to tweet because your "Contact us" page does no such thing.

BSides Cambridge (@bsidescambs)

First round of BSides Cambridge tickets are live! We've got some great talks lined up. Get your tickets now. If you're a student, message us or Mel and we'll sort something out. #bsides #bsidescambs #infosec #cybereast eventbrite.co.uk/e/bsides-cambr…

The Hacker News (@thehackersnews)

🚨 Urgent Update: #Google has released a Chrome update to patch a new high-severity zero-day #vulnerability (CVE-2023-5217) that is being exploited in the wild. Read: thehackernews.com/2023/09/update… #infosec #cybersecurity #informationsecurity

exploresecurity (@exploresecurity)

Poor show Evernote - used to be able to export all notebooks at once for back-up, now it seems I have to export each notebook in turn. Why make something so important harder to do?

exploresecurity (@exploresecurity)

A lot of people will be forgetting Evernote now. I only store text (more or less). I appreciate they have costs and I'd be prepared to bung them a few quid but this drastic change without warning will push many to find an alternative.

exploresecurity (@exploresecurity)

The Alexandra Palace steward in this story should be congratulated - he followed protocol under pressure. So important for 'first line' staff to have a robust process to follow and to be confident sticking with it. talksport.com/sport/1705572/…

exploresecurity (@exploresecurity)

New Sonos app - yuk. Key features missing. Maybe I've just not found things like how to edit the queue. Best case, unintuitive UI; worst case, something that worked (mostly - has definitely got buggier and slower recently) is undeniably worse. Trust that updates are coming...

AmberWolf (@amberwolfsec)

All I want for Christmas is U(RL handlers not vulnerable to RCE)... AmberWolf has published information about CVE-2024-12908, a Remote Code Execution vulnerability in the Delinea Secret Server Protocol Handler. You can read our blog & PoC here: blog.amberwolf.com/blog/2024/dece…

exploresecurity (@exploresecurity)

Interesting compromise of Cyberhaven's Chrome extension with a malicious OAuth app using a genuine OAuth flow cyberhaven.com/engineering-bl…

exploresecurity (@exploresecurity)

As a #Salesforce admin or security pro, does it frustrate you that it's impossible to configure an account to have full access to the config of a Salesforce Org as read-only? Upvote ideas.salesforce.com/s/idea/a0BHp00…

exploresecurity (@exploresecurity)

2 instances this week of OAuth SaaS integrations where the setup guide says "login as admin". Even with scopes, the connections are overprivileged. Getting flashbacks of software that "needs" to be installed as admin (translation: cos then it just works).

exploresecurity (@exploresecurity)

SQLi despite 'secure' Prepared Statements! Known to affect mysql and mysql2, nice write-up from Balazs Bucsay [EQ] (and with due credit to previous work by other researchers)