InfoSec Planet

A collection of diverse security content from a curated list of sources. This website also serves as a demo for "worker-planet", the software that powers it.

Unsafe yaml load can lead to remote code execution

on 04/05/2024

Liberapay disclosed a bug submitted by mrrobot2050: https://hackerone.com/reports/2467232 [...]

Follow-up or Fail

by Rafael de Carvalho on 03/05/2024

Rafael de Carvalho shares 3 tips for managing the pitfalls of saying "yes." [...]

Friday Squid Blogging: Squid Purses

on 03/05/2024

Squid-shaped purses for sale. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. [...]

My TED Talks

on 03/05/2024

I have spoken at several TED conferences over the years. TEDxPSU 2010: “Reconceptualizing Security” TEDxCambridge 2013: “The Battle for Power on the Internet” TEDMed 2016: “Who Controls Your Medical Data?” I’m putting this here because I want all three links in one place. [...]

Reflected XSS via Keycloak on [CVE-2021-20323]

on 03/05/2024

U.S. Dept Of Defense disclosed a bug submitted by maskedpersian: https://hackerone.com/reports/2221104 [...]

reflected xss [CVE-2020-3580]

on 03/05/2024

U.S. Dept Of Defense disclosed a bug submitted by maskedpersian: https://hackerone.com/reports/2479161 [...]

Reflected Cross-site Scripting via search query on

on 03/05/2024

U.S. Dept Of Defense disclosed a bug submitted by neg0x: https://hackerone.com/reports/2434904 [...]

Reflected XSS on error message on Login Page

on 03/05/2024

U.S. Dept Of Defense disclosed a bug submitted by kurogai: https://hackerone.com/reports/2417864 [...]

Reflected XSS via Moodle on [CVE-2022-35653]

on 03/05/2024

U.S. Dept Of Defense disclosed a bug submitted by maskedpersian: https://hackerone.com/reports/2444032 [...]

SQL injection on via 'where' parameter

on 03/05/2024

U.S. Dept Of Defense disclosed a bug submitted by neg0x: https://hackerone.com/reports/2433970 [...]

fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

on 03/05/2024

Node.js disclosed a bug submitted by uzlopak: https://hackerone.com/reports/2377760 [...]

Proxy-Authorization header not cleared on cross-origin redirect in undici.request

on 03/05/2024

Node.js disclosed a bug submitted by iylz: https://hackerone.com/reports/2408074 [...]

HackerOne Invests in Leaders with New Development Program

by Pamela Greenberg on 03/05/2024

Do You Need to Know Programming?

on 03/05/2024

HTTP Request Smuggling via Content Length Obfuscation

on 03/05/2024

Node.js disclosed a bug submitted by bpingel: https://hackerone.com/reports/2237099 [...]

Rare Interviews with Enigma Cryptanalyst Marian Rejewski

on 03/05/2024

The Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma. Details from his biography. [...]

Hacking a Smart Camera: IoT Hacking With Andrew Bellini (Part 2)

on 03/05/2024

Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting on cbconnection.adobe.com

on 02/05/2024

Adobe disclosed a bug submitted by renzi: https://hackerone.com/reports/1842801 [...]

HackerOne’s Spring Day of Service

by Marina Briones on 02/05/2024

HackerOne Live Hacking Event Recap: Las Vegas w/ Amazon

on 02/05/2024

CREST and Pentesting: What You Need to Know

by HackerOne Pentest Delivery Team on 02/05/2024

Learn the importance of using a CREST-certified and approved security partner for your pentest engagements. [...]

The life and times of an Abstract Syntax Tree

by Trail of Bits on 02/05/2024

By Francesco Bertolaccini. You’ve reached computer programming nirvana. Your journey has led you down many paths, including believing that God wrote the universe in LISP, but now the truth is clear in your mind: every problem can be solved by writing one more compiler. It’s true. Even our soon-to-be artificially intelligent overlords are nothing but compilers, just as the legends foreto [...]

Your Google Account allows you to create passkeys on your phone, computer and security keys

on 02/05/2024

Sriram Karra and Christiaan Brand, Google product managers. Last year, Google launched passkey support for Google Accounts. Passkeys are a new industry standard that give users an easy, highly secure way to sign in to apps and websites. Today, we announced that passkeys have been used to authenticate users more than 1 billion times across over 400 million Google Accounts. As more users encounter pass [...]

The UK Bans Default Passwords

on 02/05/2024

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufactur [...]

My #adhd brain when the bell rings

on 02/05/2024

Mailgun subdomain takeover

on 02/05/2024

Deriv.com disclosed a bug submitted by zacian: https://hackerone.com/reports/2270082 - Bounty: $100 [...]

LIVE Resume Advice Throughout Your Career | Cyber Security | Soft Skills | Q & A

on 02/05/2024

“Problems I Have Faced In My Bug Bounty Journey” - @Unkownuser1806 medium reading

on 01/05/2024

Production Key and Data Found on Subdomain No Longer Operated by Shopify / Dangling DNS

on 01/05/2024

Shopify disclosed a bug submitted by ryanmoles6: https://hackerone.com/reports/1590115 [...]

No Session Expiry after log-out, attacker can reuse the old cookies

on 01/05/2024

Shopify disclosed a bug submitted by niraj1mahajan: https://hackerone.com/reports/1162443 - Bounty: $500 [...]

HackerOne and Zoom Select EverythingALS as the Latest Charity For #Hackforgood

by HackerOne on 01/05/2024

HackerOne has partnered with Zoom to select EverythingALS as the Hack For Good donation option for ALS Awareness Month. [...]

Creating A Wordlist For CI/CD Hacking (Using AI)

on 01/05/2024

HackerOne’s Next Stage of Growth

by Marten Mickos on 01/05/2024

I am retiring from HackerOne and have started the search for my successor as CEO of this awesome company. [...]

AI Voice Scam

on 01/05/2024

Scammers tricked a company into believing they were dealing with a BBC presenter. They faked her voice, and accepted money intended for her. [...]

Insecure Direct Object Reference Protection bypass by changing HTTP method in IBM Your Learning endpoint.

on 01/05/2024

IBM disclosed a bug submitted by suryahss: https://hackerone.com/reports/2456603 [...]

Hacking a Smart Camera: IoT Hacking With Andrew Bellini (Part 1)

on 30/04/2024

Detecting browser data theft using Windows Event Logs

on 30/04/2024

Posted by Will Harris, Chrome Security Team. Chromium's sandbox [...]

Introducing the Wallarm Q1 2024 API ThreatStats™ Report

by Nikhil Menon on 30/04/2024

As we have in previous editions of the ThreatStats report, we highlight the industry’s top API-related attacks and trends. New to this version, however, is a detailed analysis of API attacks targeting AI-based applications, representing a new and rapidly expanding threat vector. And while we encourage you to download the full report, here are some key observations about what you’ll find within. AP [...]

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

by BrianKrebs on 30/04/2024

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo Psychotherapy Center in Finland became the target of blackmail when a tormentor identified as “ransom_man” deman [...]

Curvance: Invariants unleashed

by Trail of Bits on 30/04/2024

By Nat Chin. Welcome to our deep dive into the world of invariant development with Curvance. We’ve been building invariants as part of regular code review assessments for more than 6 years now, but our work with Curvance marks our very first official invariant development project, in which developing and testing invariants is all we did. Over the nine-week engagement, we wrote and tested 216 invari [...]

WhatsApp in India

on 30/04/2024

Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption. [...]

Devious Python Build Requirements

by Charles Coggins on 29/04/2024

🗣️ This is part of a series of posts examining the methods malicious Python code gains execution. The previous installment of this series demonstrated the weakness in allowing source distributions as dependencies. They lead to executing arbitrary code from setup.py files tucked away in the dependency hierarchy. A best practice is to enumerate the complete set of dependencies, in the f [...]

Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash

on 29/04/2024

Internet Bug Bounty disclosed a bug submitted by bart: https://hackerone.com/reports/2453328 - Bounty: $3645 [...]

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

by BrianKrebs on 29/04/2024

The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T, Sprint, T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent. The fines mark the culmination of a more than four-year investigation into the actions of the major carriers. In Febru [...]

How a Prompt Injection Vulnerability Led to Data Exfiltration

by Sandeep Singh on 29/04/2024

As the use of GenAI and LLMs has ramped up, so have the vulnerabilities that come with them, and one of the worst is prompt injection. [...]

How we fought bad apps and bad actors in 2023

on 29/04/2024

Posted by Steve Kafka and Khawaja Shams (Android Security and Privacy Team), and Mohet Saxena (Play Trust and Safety). A safe and trusted Google Play experience is our top priority. We leverage our SAFE (see below) principles to provide the framework to create that experience for both users and developers. Here's what these principles mean in practice: (S)afeguard our Users. Help them discover [...]

The truth about ethical hackers: Are they trustworthy?

by Anna Hammond on 29/04/2024

To outmanoeuvre cybercriminals, the key is to beat them to the punch by working with ethical hackers. However, a question often arises: Can we trust ethical hackers? Especially when we don’t know them personally? Through platforms such as Intigriti, the short answer is yes, you can trust these individuals. However, the word ‘hacker’ carries a [...]

Whale Song Code

on 29/04/2024

During the Cold War, the US Navy tried to make a secret code out of whale song. The basic plan was to develop coded messages from recordings of whales, dolphins, sea lions, and seals. The submarine would broadcast the noises and a computer—the Combo Signal Recognizer (CSR)—would detect the specific patterns and decode them on the other end. In theory, this idea was relatively simple. A [...]

Introducing Misconfig Mapper

by intigriti on 29/04/2024

In case you missed it on our Twitter channel, we’ve recently launched Misconfigurations Mapper (or MisconfigMapper for short)! Misconfig Mapper is a new project designed by Intigriti Hackers Team to help you find security misconfigurations in popular services used at your bug bounty/penetration testing targets (such as Atlassian, Jenkins, etc.). Additionally, it can help you find [...]

Attachment disclosure via summary report

on 29/04/2024

HackerOne disclosed a bug submitted by xklepxn: https://hackerone.com/reports/2442008 [...]

Code exec on Github runner via Pull request name

on 28/04/2024

Hyperledger disclosed a bug submitted by another_dude: https://hackerone.com/reports/2471956 [...]

CVE-2024-25128: Apache Airflow: Authentication Bypass when Legacy OpenID(2.0) is in use as AUTH_TYPE

on 28/04/2024

Internet Bug Bounty disclosed a bug submitted by parantheses: https://hackerone.com/reports/2401359 - Bounty: $2580 [...]

CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()

on 28/04/2024

Internet Bug Bounty disclosed a bug submitted by scyoon: https://hackerone.com/reports/2402193 - Bounty: $2580 [...]

Lessons Learned from Over a Decade of On-Call

by Shubhi Gupta on 26/04/2024

Shubhi Gupta shares tips and lessons from 12 years of being an on-call engineer. [...]

Friday Squid Blogging: Searching for the Colossal Squid

on 26/04/2024

A cruise ship is searching for the colossal squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. [...]

Accelerating incident response using generative AI

on 26/04/2024

Lambert Rosique and Jan Keller, Security Workflow Automation, and Diana Kramer, Alexandra Bowen and Andrew Cho, Privacy and Security Incident Response. Introduction. As security professionals, we're constantly looking for ways to reduce risk and improve our workflow's efficiency. We've made great strides in using AI to identify malicious content, block threats, and discover and fix vulnerabilities. We [...]

Kubernetes — A Journey Has Just Begun

by Konstantinos Stavropoulos on 26/04/2024

Exhausted but hopeful and longing for new horizons, the Infrastructure Team embarked on the "Container Journey." [...]

6 Tips to Stay Motivated

on 26/04/2024

On Writing Well as a Software Engineer

by Charlie Kroon on 26/04/2024

Charlie Kroon discusses tips for good writing to make you a better and more impactful engineer. [...]

Hackers Abuse Zero-Day Exploit for CrushFTP

on 26/04/2024

Announcing two new LMS libraries

by Trail of Bits on 26/04/2024

By Will Song. The Trail of Bits cryptography team is pleased to announce the open-sourcing of our pure Rust and Go implementations of Leighton-Micali Hash-Based Signatures (LMS), a well-studied NIST-standardized post-quantum digital signature algorithm. If you or your organization are looking to transition to post-quantum support for digital signatures, both of these implementations have been engin [...]

Unveiling the 5 hidden costs of a cyberattack

by Georgie Walsh on 26/04/2024

Recent years have witnessed a dramatic surge in cyberattacks, with both the frequency and sophistication of attacks reaching unprecedented levels. Cybercrime is anticipated to cost companies all over the globe an estimated $10.5 trillion annually by 2025, and IoT attacks alone are expected to double by then too. While the immediate (typically financial) impacts of a cyberatta [...]

Long Article on GM Spying on Its Cars’ Drivers

on 26/04/2024

Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them—and then sold that data to insurance companies. [...]

Remote vulnerabilities in spp

on 25/04/2024

PlayStation disclosed a bug submitted by theflow0: https://hackerone.com/reports/2177925 - Bounty: $12500 [...]

Python vs. Bash vs. PowerShell: The Benefits of Each

on 25/04/2024

Accelerate Find-to-Fix Cycles With Hai

by Martijn Russchen on 25/04/2024

You can now streamline and enhance your vulnerability management process with HackerOne’s in-platform GenAI copilot, Hai. [...]

The Rise of Large-Language-Model Optimization

on 25/04/2024

The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming to an end. The advent of AI threatens to destroy the complex online ecosystem that allows writers, ar [...]

Game Hacking 101: an Introduction to Pwn Adventure 3

on 25/04/2024

Hack My Career: Meet Frances H

by Marina Briones on 24/04/2024

Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames

on 24/04/2024

Internet Bug Bounty disclosed a bug submitted by bart: https://hackerone.com/reports/2453322 - Bounty: $2580 [...]

Python Package Installation Attacks

by Charles Coggins on 24/04/2024

🗣️ This is part of a series of posts examining the methods malicious Python code gains execution. If you haven't already, you'll likely want to start with the core concept of package spoofing. We're back at it, thinking like attackers that find ways to trick unsuspecting developers into running malware. Previous methods explored creating trojan functions and imports, wh [...]

Python Trojan Functions and Imports

by Charles Coggins on 24/04/2024

🗣️ This is part of a series of posts examining the methods malicious Python code gains execution. If you haven't already, you'll likely want to start with the core concept of package spoofing. Calling a trojan function. This method is also maybe the most obvious: add additional code to existing functions. What easier way to gain code execution in Python than to write a functio [...]

Python Package Spoofing

by Charles Coggins on 24/04/2024

🗣️ This is part of a series of posts examining the methods malicious Python code gains execution. Creating a functional package and hosting it on the Python Package Index (PyPI) is the foundation of most malicious Python packages. Making one that developers will actually want is hard. Malware authors know that proper R&D is essential to their success. Instead of research and devel [...]

Series: How Malicious Python Code Gains Execution

by Charles Coggins on 24/04/2024

The primary vector for malicious code running in software developer environments (e.g., local system, CI/CD runners, production servers, etc.) is software dependencies. This is third-party code which often means open-source software, also known as running code from strangers on the internet. The prized goal for attackers is arbitrary code execution. It’s the stuff high CVE scores are made of [...]

LIVE Hacking | New Course | AppSec | Cybersecurity | Pentesting

on 24/04/2024

SOC 2 and Pentesting: What You Need to Know

by HackerOne Pentest Delivery Team on 24/04/2024

Learn about the importance of SOC 2 Type II compliance and how to address it with methodology-driven pentesting. [...]

This File Steals Passwords

on 24/04/2024

Nation-State Threat Actors Renew Publications to npm

by Phylum Research Team on 24/04/2024

Back in November of 2023, we published a blog post highlighting the technical details of a sophisticated attack in npm attributed to North Korea. We subsequently published a follow-up in January of 2024 detailing the history of the attack and highlighting the broader context of North Korean APTs operating in open-source ecosystems. Since then, it’s been relatively quiet—until today. [...]

Uncovering potential threats to your web application by leveraging security reports

on 23/04/2024

Posted by Yoshi Yamaguchi, Santiago Díaz, Maud Nalpas, Eiji Kitamura, DevRel team. The Reporting API is an emerging web standard that provides a generic reporting mechanism for issues occurring on the browsers visiting your production website. The reports you receive detail issues such as security violations or soon-to-be-deprecated APIs, from users’ browsers from all over the world. Collectin [...]

3 Ways to Avoid Burnout

on 23/04/2024

Human-Powered Security: The Value of Ethical Hackers & Bug Bounty

by HackerOne on 23/04/2024

Who is an ethical hacker, what is a bug bounty program, and why is human-powered security the best method for strengthening your security posture? [...]

RXSS in hidden parameter

on 23/04/2024

IBM disclosed a bug submitted by hassan_sheet: https://hackerone.com/reports/2090964 [...]

Hackers Use Github For Malware

on 23/04/2024

Jira Credential Disclosure within Mozilla Slack

on 23/04/2024

Mozilla disclosed a bug submitted by griffinf: https://hackerone.com/reports/2467999 [...]

HTTP Multiline headers #bugbounty #bugbountytips #bugbountyhunter

on 23/04/2024

Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

by BrianKrebs on 22/04/2024

The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, [...]

CVE-2024-2398: HTTP/2 push headers memory-leak

on 22/04/2024

Internet Bug Bounty disclosed a bug submitted by w0x42: https://hackerone.com/reports/2442613 - Bounty: $2580 [...]

Denial of Service caused by HTTP/2 CONTINUATION Flood

on 22/04/2024

Internet Bug Bounty disclosed a bug submitted by bart: https://hackerone.com/reports/2334401 - Bounty: $4860 [...]

Capital One Teams Up With Top-Tier Ethical Hackers at H1-305

by HackerOne on 22/04/2024

Capital One and 52 highly skilled global ethical hackers came together for the organization's second live hacking event with HackerOne. [...]

How transport and logistics businesses can strengthen their cyber defenses

by Georgie Walsh on 22/04/2024

The transport and logistics (T&L) industry is a crucial player in today’s interconnected world, enabling the seamless movement of goods across long distances with exceptional efficiency. However, this very efficiency has also made the industry a prime target for cyber attacks. As T&L companies rely increasingly on digital technologies to optimize operations, they become v [...]

Hack Active Directory with LLMNR

on 22/04/2024

Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting on cbconnection-stage.adobe.com

on 22/04/2024

Adobe disclosed a bug submitted by renzi: https://hackerone.com/reports/1842800 [...]

Turning a $500 bounty into $30,000+

on 22/04/2024

Finding WEIRD Devices on the Public Internet

on 22/04/2024

Wallarm’s Open Source API Firewall debuts at Blackhat Asia 2024 – Introduces Key New Features & Functionalities

by wlrmblog on 22/04/2024

Wallarm introduced its ongoing Open Source API Firewall project to the world at the recently concluded Blackhat Asia 2024 conference in Singapore. The open-source API Firewall by Wallarm is a free, lightweight API Firewall designed to protect REST and GraphQL API endpoints across cloud-native environments using API schema validation. By relying on a positive security model, our API Firewall only a [...]

Browser-powered desync #bugbounty #bugbountytips #bugbountyhunter

on 22/04/2024

Cleartext Transmission of password via Email

on 22/04/2024

Sheer disclosed a bug submitted by tuannq_gg: https://hackerone.com/reports/2337938 - Bounty: $200 [...]

Docker Secret Disclosure via GitHub Actions Cache Poisoning

on 20/04/2024

Hyperledger disclosed a bug submitted by adnanthekhan: https://hackerone.com/reports/2410111 - Bounty: $2000 [...]

Trailer - HTTP feature you did not know about #bugbounty #bugbountytips #bugbountyhunter

on 20/04/2024

Start Hacking for FREE

on 19/04/2024

Sources

The content of this page is fetched from the following sources:

  1. Trail of Bits Blog
  2. Phylum
  3. Schneier on Security
  4. Krebs on Security
  5. Google Online Security Blog
  6. $BLOG_TITLE
  7. Agarri : Sécurité informatique offensive
  8. Alex Chapman's Blog
  9. www.alphabot.com
  10. Victoria Drake's Blog
  11. Brett Buerhaus
  12. Bug Bounty Reports Explained
  13. Bugcrowd
  14. cat ~/footstep.ninja/blog.txt
  15. Daniel Miessler
  16. EdOverflow
  17. Ezequiel Pereira
  18. HackerOne
  19. HackerOne
  20. hakluke
  21. Home
  22. InsiderPhD
  23. Intigriti
  24. John Hammond
  25. LiveOverflow
  26. NahamSec
  27. PortSwigger Blog
  28. Rana Khalil
  29. Richard’s Infosec blog
  30. Ron Chan
  31. ropnop blog
  32. STÖK
  33. Sun Knudsen
  34. The Cyber Mentor
  35. The unofficial HackerOne disclosure timeline
  36. The XSS rat
  37. TomNomNom
  38. Wallarm