👩‍💻IW Weekly #107: CVE-2024-0333, $50,000 for hacking Google A.I, Auth-Bypass via Response Tampering, HTTP Request smuggling case study, Telegram RCE and many more…


Welcome to the #IWWeekly107 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. Security researcher @malcolmst explains in depth CVE-2024-0333, a Google Chrome vulnerability enabling malicious extension installation.
  2. @Microsoft introduces the Entra ID banned passwords list, a new feature to combat weak passwords and enhance Active Directory Domain Service security.
  3. Explore the fundamentals of modern cryptography and quantum readiness in @Synacktiv's enlightening introduction.
  4. Explore multi-factor authentication bypasses through response tampering examples with @ozgur_bbh.
  5. Gain insights into CVE-2024-26131 and CVE-2024-26132, security vulnerabilities impacting the Element Android application, from @ShielderSec.

🧵 4 Threads

  1. @Rhynorater takes a breather from LHE to explore Airchat's security landscape.
  2. Dive into the recent @ctbbpodcast episode where the team talks about the shocking tale of hacking Tesla and gaining unauthorized access to a stranger's car.
  3. Unlock the secrets of SSRF vulnerabilities with 7 essential resources shared by @intigriti.
  4. Ever found an S3 bucket? @yeswehack lists different ways to test S3 buckets.

📽️ 3 Insightful Videos

  1. @0xLupin talks about a couple of bugs he found in Google Bard (now Gemini) in collaboration with @rez0__ and @Rhynorater which resulted in a $50,000 bounty.
  2. @_JohnHammond dives into the recently surfaced Telegram remote code execution exploit.
  3. @gregxsunday presents his latest case study on HTTP Request smuggling, discussing root causes, common types, impact and more.

💼 2 Job Alerts

  1. @TCS is hiring for a Security Analyst with 6-10 years of experience for Bengaluru, India.
  2. @policybazaar is hiring for an Information Security Specialist with 2-3 years of experience for Gurugram, Haryana, India.

🎁 1 Special Item

  1. This week’s special item explores an amazing CTF opportunity to grab prizes worth $1000.

Send an e-mail to [email protected] to know more about partnering with InfosecWriteups

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. See you again next week, hacker. Until then, keep pushing 💪

This newsletter would not have been possible without our amazing ambassadors.

Resource contribution by: Hardik Singh, Ayush Singh, Manan, Ansh Patel
Newsletter formatting by: Hardik Singh, Manan, Shlok, Ansh Patel, Vivek Reddy, Siddhesh Prakash Patil

Lots of love
Editorial team,

Infosec Writeups

📧 If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]
