Deserialized web security roundup: ‘Catastrophic cyber events’, another T-Mobile breach, more LastPass problems | The Daily Swig

2023-02-22 16:38:30 By : Ms. Tracy Zhang


Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

“A far-reaching, catastrophic cyber event is likely in the next two years” according to 93% of cybersecurity experts and 86% of business leaders polled by the World Economic Forum (WEF).

Geopolitical instability and the enduring shortage of cybersecurity skills are making the situation more precarious and causing firms to rethink their presence in certain regions, revealed the WEF’s Global Cybersecurity Outlook 2023 report, which canvassed the views of 300 experts and C-suite executives.

In the meantime, we’re still seeing plenty of very, very bad cyber-attacks and breaches. Most recently, there’s been another mega breach at T-Mobile (37 million customers affected this time), the theft of source code and ensuing $10 million ransom demand from video games developer Riot Games, and the inadvertent exposure by an airline of the US government’s No Fly List, a roll call of suspected terrorists, from 2019.

The LastPass situation is also continuing to evolve following the November breach of its password vaults, with the latest update from the beleaguered password manager admitting that “a threat actor exfiltrated encrypted backups from a third-party cloud storage service”.


While rival services will no doubt spy an opportunity to grow their market share given the market leader’s reputational crash, the hack is also perhaps bringing unprecedented scrutiny to the hitherto highly regarded field. Indeed, The Daily Swig recently reported on how several popular password managers auto-filled credentials on untrusted websites, while Bitwarden responded to renewed criticism of its encryption scheme by enhancing its default security configuration.

A fruitful security audit of Git’s source code is another notable story we covered since the last edition of Deserialized.

Here are some more web security stories and other cybersecurity news that caught our attention in the last fortnight:

ChatGPT lowers the barriers to entry for cybercrime but is of little use to state-backed cybercrooks

PREVIOUS EDITION Deserialized web security roundup – Slack and Okta breaches, lax US government passwords report, and more