Windows, Ubuntu, and VMWare Workstation hacked on last day of Pwn2Own
On the third day of the Pwn2Own hacking contest, security researchers were awarded $185,000 after demonstrating 5 zero-day exploits targeting Windows 11, Ubuntu Desktop, and…
Month: March 2023
Why You Can’t Have True Zero Trust Without API Security
By Richard Bird, Chief Security Officer, Traceable Global adoption of Zero Trust security models is soaring and with good reason. Due to organizations’ embrace of…
ChatGPT Bug Exposed Payment Details of Paid Users
Earlier, a ChatGPT bug exposed conversation histories to other users, but now reports indicate that the bug also exposed the payment details of paid users…
The Best Bug Bounty Recon Methodology
My first introduction to reconnaissance was Jason Haddix’s Bug Bounty Hunters Methodology. It’s the de facto standard and is still updated every year. There are…
Microsoft shares tips on detecting Outlook zero-day exploitation
Microsoft today published a detailed guide aiming to help customers discover signs of compromise via exploitation of a recently patched Outlook zero-day vulnerability. Tracked as…
Pre Auth Remote Command Execution (CVE-2022-36804) – Assetnote
Often when performing application security research, we come across other researchers who have found critical vulnerabilities in software that can inspire us to dig deeper…
Australian police arrest four BEC actors who stole $1.7 million
The Australian Federal Police (AFP) has arrested four members of a cybercriminal syndicate that has laundered $1.7 million stolen from at least 15 victims between…
UK’s NCA infiltrates cybercrime market with fake DDoS sites
The agency set up several fake DDoS sites offering DDoS-for-hire services to infiltrate the online criminal marketplace. Remember when the Dutch police sent letters to…
Killnet targeting healthcare apps hosted on Microsoft Azure
Microsoft has detected that a Russian-affiliated hacking group dubbed Killnet has been targeting healthcare apps being hosted on the Azure cloud platform. The tech giant…
Government must take the lead on STEM diversity
MPs have asked the government to clarify how the newly created Department for Science, Innovation and Technology will help to increase diversity and inclusion in…
Misconfigured JSF ViewStates can lead to severe RCE vulnerabilities
tl;dr ViewStates in JSF are serialized Java objects. If the used JSF implementation in a web application is not configured to encrypt the ViewState the…
ChatGPT payment data leak caused by open-source bug
OpenAI says a Redis client open-source library bug was behind Monday’s ChatGPT outage and data leak, where users saw other users’ personal information and chat…