● Yet another website: nored0x.github.io https://t.me/cKure/12263
All posts tagged cyber
March 28, 2023 at 12:38AM
■■□□□ Bypassing Email Filter which leads to SQL Injection. https://dimazarno.medium.com/bypassing-email-filter-which-leads-to-sql-injection-e57bcbfc6b17 https://t.me/cKure/12262
March 27, 2023 at 11:34PM
● An Android app from China executed a zero-day exploit on millions of devices. Fast-growing e-commerce app Pinduoduo had an EvilParcel stow-away. https://github-com.translate.goog/davinci1010/pinduoduo_backdoor https://mp-weixin-qq-com.translate.goog/s/P_EYQxOEupqdU0BJMRqWsw Google flags apps made by popular Chinese e-commerce giant as malware https://arstechnica.com/information-technology/2023/03/android-app-from-china-executed-0-day-exploit-on-millions-of-devices/ https://t.me/cKure/12260
March 27, 2023 at 09:58PM
■■■■□ Hackers earn $1,035,000 for 27 zero-days exploited at Pwn2Own Vancouver. https://www.bleepingcomputer.com/news/security/hackers-earn-1-035-000-for-27-zero-days-exploited-at-pwn2own-vancouver/ https://t.me/cKure/12259
March 26, 2023 at 09:38PM
Technical summary of the FBI breaking into Breach-Forums. Apparently, Conor was using his personal internet connection to operate the darknet platform and did not use TOR/VPN once in 2022 due to connection failure or forgetfulness. This IP led the FBI to him. It also seems that the FBI had access to the logs of the…
March 26, 2023 at 06:22PM
■■■■■ Quarkslab participated in Pwn2own Toronto 2022 in the router category. This blog post series describes how we selected our targets, performed our vulnerability research, and goes over our findings on the Netgear RAX30 router. The first blog post focuses on our vulnerability research on the RAX30 WAN interface, while the second part will detail…
March 26, 2023 at 02:10AM
■□□□□ A bug in AI chatbot ChatGPT has allowed some users to see the titles of other users’ conversations, sparking privacy concerns. OpenAI CEO Sam Altman acknowledged the issue, saying the company feels “awful” about it. He assured customers that the “significant” error has now been fixed. https://t.me/cKure/12253
March 25, 2023 at 02:20AM
■■■■■ Checking race conditions. TOCTOU attacks. http://nob.cs.ucdavis.edu/bishop/papers/1996-compsys/racecond.pdf https://t.me/cKure/12251
March 25, 2023 at 02:03AM
■■■■■ Pwn²Own 2023 Vancouver, Canada. The intro. https://youtu.be/3pMCh3HEP8Y https://t.me/cKure/12250
March 24, 2023 at 10:58PM
■■■■□ Joomla! CVE-2023-23752 to Code Execution. https://vulncheck.com/blog/joomla-for-rce https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html https://t.me/cKure/12249
