Pas de Code
What I cannot create, I do not understand.

DM: @alexey_mileev
Original channel in RU: @devballet
Twitter: twitter.com/pasdecode_
A nice post on a Unicode-related GitHub vulnerability. This thing allowed an attacker to receive a reset password link for a GitHub account. That’s kinda fun!

#cybersec #unicode #vulnerability
Epic fuckup: an ad network was installing apps directly to users' devices using certain system-level apps, even when the users tried to close the ad banner. Highly recommend checking the post and the comments.

#vulnerability #cybersec #ads
In Vietnam, the COVID pass system used weak cryptography, which allowed researchers to get the private key (and the ability to generate valid QR codes) using several AWS instances, 9 hours and $250. Factoring as a Service indeed.

#cybersec #vulnerability
There's this vulnerability in macOS that allows one to rather accurately get the first name of a user. In this post you'll find an explanation and a live demo to try it yourself.

#cybersec #vulnerability #macos
More exciting news from the JS world: it turns out that the NPM registry doesn't validate the package manifest against its content.

#js #cybersec #vulnerability
Capslock by Google. A tool to check your dependencies for unexpected file and network access, arbitrary code execution, etc. One of the goals is to fight supply-chain attacks. Only available for Go at the moment, but they promise other languages later.

#google #cybersec #vulnerability
You've most probably heard about a recent high-severity vulnerability in curl. Here you'll get the actual details. Such things never get old. Small bug with huge consequences.

#cybersec #vulnerability #curl
This researcher has checked old and new terminal emulators for vulnerabilities, and I must say, their findings make me paranoid as hell. For example, launch some server and stare at its logs, receive some smart request, oopsie, RCE. RCE because of your tty, not because of your server!

#talk #terminal #vulnerability