101010.pl

sekurak NewsJak można było czytać listę połączeń klientów sieci VerizonEvan Connelly zaprezentował odkrytą przez siebie podatność w aplikacji  Verizon Call Filter na urządzenia z systemem iOS. Co prawda problem dotyczy klientów tej amerykańskiej sieci GSM, jednak postanowiliśmy opisać błąd leżący u podstaw tej podatności, ponieważ z doświadczenia wiemy, że luki klasy IDOR (ang. Insecure Direct Object Reference) pojawiają się...<a href="https://mastodon.com.pl/tags/WBiegu" class="mention hashtag" rel="nofollow noopener" target="_blank">#WBiegu</a> <a href="https://mastodon.com.pl/tags/Billing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Billing</a> <a href="https://mastodon.com.pl/tags/IDOR" class="mention hashtag" rel="nofollow noopener" target="_blank">#IDOR</a> <a href="https://mastodon.com.pl/tags/Podatno%C5%9B%C4%87" class="mention hashtag" rel="nofollow noopener" target="_blank">#Podatność</a> <a href="https://mastodon.com.pl/tags/Verizon" class="mention hashtag" rel="nofollow noopener" target="_blank">#Verizon</a> <a href="https://mastodon.com.pl/tags/Websec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Websec</a><a href="https://sekurak.pl/jak-mozna-bylo-czytac-liste-polaczen-klientow-sieci-verizon/" rel="nofollow noopener" translate="no" target="_blank">https://sekurak.pl/jak-mozna-bylo-czytac-liste-polaczen-klientow-sieci-verizon/</a>

sekurak NewsJak można było mieć dostęp do dziesiątek tysięcy raportów z wypadków, w których brały udział samochody wypożyczone z Hertz? Zmieniając identyfikator w tym adresie: /accident-report/12345Uff, w zasadzie cała treść znaleziska zmieściła się w tytule ;-) co w pewien sposób świadczy o poziomie bezpieczeństwa aplikacji webowych w 2024 roku… Dla jasności cała historia wyglądała tak: najpierw badacz otrzymał maila z Hertz z informacją o swoim raporcie. W tym przypadku adres w aplikacji webowej wyglądał mniej...<a href="https://mastodon.com.pl/tags/WBiegu" class="mention hashtag" rel="nofollow noopener" target="_blank">#WBiegu</a> <a href="https://mastodon.com.pl/tags/IDOR" class="mention hashtag" rel="nofollow noopener" target="_blank">#IDOR</a> <a href="https://mastodon.com.pl/tags/Websec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Websec</a><a href="https://sekurak.pl/jak-mozna-bylo-miec-dostep-do-dziesiatek-tysiecy-raportow-z-wypadkow-w-ktorych-braly-udzial-samochody-wypozyczone-z-hertz-zmieniajac-identyfikator-w-tym-adresie-accident-report-12345/" rel="nofollow noopener" translate="no" target="_blank">https://sekurak.pl/jak-mozna-bylo-miec-dostep-do-dziesiatek-tysiecy-raportow-z-wypadkow-w-ktorych-braly-udzial-samochody-wypozyczone-z-hertz-zmieniajac-identyfikator-w-tym-adresie-accident-report-12345/</a>

Shai Almog🚨 Discover how simple teenage curiosity with phone numbers parallels today's digital exploits. <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://mastodon.social/tags/IDOR" class="mention hashtag" rel="nofollow noopener" target="_blank">#IDOR</a> <a href="https://mastodon.social/tags/TechInsights" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechInsights</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://debugagent.com/understanding-security-vulnerabilities-a-first-step-in-preventing-attacks" rel="nofollow noopener" translate="no" target="_blank">https://debugagent.com/understanding-security-vulnerabilities-a-first-step-in-preventing-attacks</a>

Xavier «X» Santolaria :verified_paw: :donor:📨 Latest issue of my curated <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> and <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> list of resources for week #30/2023 is out! It includes the following and much more:➝ 🇷🇺 🇪🇺 <a href="https://infosec.exchange/tags/BlueBravo" class="mention hashtag" rel="nofollow noopener" target="_blank">#BlueBravo</a> Deploys GraphicalProton Backdoor Against European Diplomatic Entities ➝ 🇰🇵 💸 <a href="https://infosec.exchange/tags/CoinsPaid" class="mention hashtag" rel="nofollow noopener" target="_blank">#CoinsPaid</a> Blames North Korean Hackers for $37 Million Cryptocurrency Heist ➝ 👥 💸 <a href="https://infosec.exchange/tags/BreachForums" class="mention hashtag" rel="nofollow noopener" target="_blank">#BreachForums</a> database and private chats for sale in hacker data breach ➝ 🇺🇸 🔓 Up to 11 Million People Hit by <a href="https://infosec.exchange/tags/MOVEit" class="mention hashtag" rel="nofollow noopener" target="_blank">#MOVEit</a> Hack at Government Services Firm Maximus ➝ 🇦🇺 🇺🇸 Cybersecurity Agencies Warn Against <a href="https://infosec.exchange/tags/IDOR" class="mention hashtag" rel="nofollow noopener" target="_blank">#IDOR</a> Bugs Exploited for Data Breaches ➝ 🔓 🐧 GameOver(lay): Two Severe <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> Vulnerabilities Impact 40% of Ubuntu Users ➝ 🦠 🗣️ <a href="https://infosec.exchange/tags/Deloitte" class="mention hashtag" rel="nofollow noopener" target="_blank">#Deloitte</a> denies <a href="https://infosec.exchange/tags/Cl0p" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cl0p</a> data breach impacted client data in wake of MOVEit attack ➝ 🇺🇸 🇨🇳 US Senator Wyden Accuses <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> of ‘Cybersecurity Negligence’ ➝ 🇨🇦 🫀 <a href="https://infosec.exchange/tags/CardioComm" class="mention hashtag" rel="nofollow noopener" target="_blank">#CardioComm</a>, a provider of <a href="https://infosec.exchange/tags/ECG" class="mention hashtag" rel="nofollow noopener" target="_blank">#ECG</a> monitoring devices, confirms cyberattack downed its services ➝ 🇲🇽 💸 Fenix <a href="https://infosec.exchange/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybercrime</a> Group Poses as Tax Authorities to Target Latin American Users ➝ 🇺🇸 💰 <a href="https://infosec.exchange/tags/SEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#SEC</a> now requires companies to disclose cyberattacks in 4 days ➝ ✨ 👀 <a href="https://infosec.exchange/tags/NATO" class="mention hashtag" rel="nofollow noopener" target="_blank">#NATO</a> investigates alleged data theft by <a href="https://infosec.exchange/tags/SiegedSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#SiegedSec</a> hackers ➝ 🇷🇺 ⚖️ Russian Cybersecurity Firm Founder Jailed for 14 Years ➝ 🇳🇱 ⚓️ Maritime Cyberattack Database Launched by Dutch University ➝ 🦠 🍏 Realst Mac <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> targets macOS <a href="https://infosec.exchange/tags/Sonoma" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sonoma</a> ➝ 🔐 📝 <a href="https://infosec.exchange/tags/IBM" class="mention hashtag" rel="nofollow noopener" target="_blank">#IBM</a> Report: Half of Breached Organizations Unwilling to Increase Security Spend Despite Soaring Breach Costs ➝ 🇳🇱 🚔 Researchers find deliberate <a href="https://infosec.exchange/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#backdoor</a> in police radio <a href="https://infosec.exchange/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#encryption</a> algorithm ➝ 🇰🇵 🥷🏻 <a href="https://infosec.exchange/tags/JumpCloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#JumpCloud</a> hack linked to <a href="https://infosec.exchange/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#NorthKorea</a> after <a href="https://infosec.exchange/tags/OPSEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#OPSEC</a> mistake ➝ 🩹 <a href="https://infosec.exchange/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ivanti</a> patches MobileIron zero-day bug exploited in attacks ➝ 🇳🇴 🥷🏻 <a href="https://infosec.exchange/tags/Norway" class="mention hashtag" rel="nofollow noopener" target="_blank">#Norway</a> government ministries hit by cyber attack ➝ 🧘🏻 🩸 <a href="https://infosec.exchange/tags/Zenbleed" class="mention hashtag" rel="nofollow noopener" target="_blank">#Zenbleed</a> attack leaks sensitive data from <a href="https://infosec.exchange/tags/AMD" class="mention hashtag" rel="nofollow noopener" target="_blank">#AMD</a> Zen2 processors ➝ 🩹 🍏 <a href="https://infosec.exchange/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#Apple</a> fixes new zero-day used in attacks against iPhones, Macs ➝ 🦠 🏦 <a href="https://infosec.exchange/tags/Banking" class="mention hashtag" rel="nofollow noopener" target="_blank">#Banking</a> Sector Targeted in Open-Source Software Supply Chain Attacks<a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/TETRA" class="mention hashtag" rel="nofollow noopener" target="_blank">#TETRA</a> <a href="https://infosec.exchange/tags/IoT" class="mention hashtag" rel="nofollow noopener" target="_blank">#IoT</a> <a href="https://infosec.exchange/tags/MIoT" class="mention hashtag" rel="nofollow noopener" target="_blank">#MIoT</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> 📚 This week's recommended reading is: "Evading EDR: A Comprehensive Guide to Defeating Endpoint Detection Systems" by Matt Hand Subscribe to the <a href="https://infosec.exchange/tags/infosecMASHUP" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosecMASHUP</a> newsletter to have it piping hot in your inbox every week-end ⬇️<a href="https://infosec-mashup.santolaria.net/p/infosec-mashup-week-302023" rel="nofollow noopener" translate="no" target="_blank">https://infosec-mashup.santolaria.net/p/infosec-mashup-week-302023</a>

Shared Security Podcast :verified:🤔Should you use Meta's new app called Threads? Why are airline reservation scams happening so frequently? What are IDOR (Insecure Direct Object Reference) vulnerabilities and why are they so dangerous?Join us on the latest episode of Shared Security as we discuss three compelling stories that will leave you questioning the boundaries of privacy, the tricks of scammers, and the vulnerabilities in our digital world.📖 Threads Unleashed - We unravel the rise of Threads, Meta's social media app challenging Twitter. With over 10 million users in just seven hours, we explore its data collection practices and the implications for your personal information.🚫 Beware of Flight Scams - Discover the dark side of airline reservations as we discuss a crafty scam that dupes unsuspecting travelers. Learn how to protect yourself from falling victim to these ticket scams that can cost you more than just money.🔒 Security Alarm Breach - Listen to our discussiobn about the alarming IDOR vulnerability found in Eaton's SecureConnect system. We discuss the risks of weak access controls and the potential implications for remote access to thousands of smart security alarm systems.Join us these topics and more this week on Shared Security!💻🌍<a href="https://infosec.exchange/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#technology</a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://infosec.exchange/tags/scams" class="mention hashtag" rel="nofollow noopener" target="_blank">#scams</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/idor" class="mention hashtag" rel="nofollow noopener" target="_blank">#idor</a> <a href="https://infosec.exchange/tags/podcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#podcast</a>Subscribe on Apple Podcasts, Spotify, or your favorite podcast platform: <a href="https://sharedsecurity.net/subscribe" rel="nofollow noopener" translate="no" target="_blank">https://sharedsecurity.net/subscribe</a>Watch on YouTube: <a href="https://youtu.be/nZCZk9myDcA" rel="nofollow noopener" translate="no" target="_blank">https://youtu.be/nZCZk9myDcA</a>Listen on our website: <a href="https://sharedsecurity.net/2023/07/10/metas-threads-and-your-privacy-airline-reservation-scams-idor-srikes-back/" rel="nofollow noopener" translate="no" target="_blank">https://sharedsecurity.net/2023/07/10/metas-threads-and-your-privacy-airline-reservation-scams-idor-srikes-back/</a>

👁️à̸̖̜͖͖͇̐͘͠z̸̡̧̈́̌̏̔̌̈z̴̼̥̻̰͉͙̥̟̤͂̽̈͒͊ͅy̴̗̍͐̈́̃͘̚͝👁️I wondered due to recently remembering when I was able to pull the PDFs off teacher's section. On the textbook manufacturer's just from fking around the URL.This is a while ago, but I did mention to the professor but he did the idk what you talking about. (2+ years ago)So I did email the contact email for the manufacturer. They asked for student ID, school code and classroom name. I told in response You can get the school name and thats it. But the following response was how I need to disciplinary actions against me for attempting to cheat. Thus they need the student ID. I ain't gonna get expelled for absolute dumb shit. So I didn't give it and cut off all communications.In cases this it's now like a double sided thing. I want to report an issue so someone could fix it. But if I'm going to be punished too, why report the issue at all? <a href="https://infosec.exchange/tags/teaching" class="mention hashtag" rel="nofollow noopener" target="_blank">#teaching</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://infosec.exchange/tags/IDOR" class="mention hashtag" rel="nofollow noopener" target="_blank">#IDOR</a> <a href="https://infosec.exchange/tags/url" class="mention hashtag" rel="nofollow noopener" target="_blank">#url</a> <a href="https://infosec.exchange/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#exploit</a>

Sam Stepanyan :verified: 🐘"Hacking on a plane: Leaking data of millions of users of in-flight <a href="https://infosec.exchange/tags/WiFi" class="mention hashtag" rel="nofollow noopener" target="_blank">#WiFi</a> and taking over any account" - a blog post by @rez0__@twitter.com :<a href="https://infosec.exchange/tags/AirplaneWifi" class="mention hashtag" rel="nofollow noopener" target="_blank">#AirplaneWifi</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/IDOR" class="mention hashtag" rel="nofollow noopener" target="_blank">#IDOR</a><a href="https://rez0.blog/hacking/2022/12/02/hacking-on-a-plane.html" rel="nofollow noopener" target="_blank">https://rez0.blog/hacking/2022/12/02/hacking-on-a-plane.html</a>

Recent searches

Search options

Administered by:

Server stats:

#IDOR