👩‍💻IW Weekly #107: CVE-2024-0333, $50,000 for hacking Google A.I, Auth-Bypass via Response Tampering, HTTP Request smuggling case study, Telegram RCE and many more…

👩‍💻IW Weekly #107: CVE-2024-0333, $50,000 for hacking Google A.I, Auth-Bypass via Response Tampering, HTTP Request smuggling case study, Telegram RCE and many more…
Photo by RoonZ nl / Unsplash

Welcome to the #IWWeekly107 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. Security researcher @malcolmst deeply explains CVE-2024-0333, a Google Chrome vulnerability enabling malicious extension installation.
  2. @Microsoft introduces Entra ID banned passwords list, a new feature to combat weak passwords and enhance Active Directory Domain Service security.
  3. Explore the fundamentals of modern cryptography and quantum readiness in @Synacktiv enlightening introduction.
  4. Explore multi-factor authentication bypasses through response tampering examples with @ozgur_bbh.
  5. Gain insights into CVE-2024-26131 and CVE-2024-26132, security vulnerabilities impacting the Element Android application from @ShielderSec.
  1. @Rhynorater takes a breather from LHE to explore Airchat's security landscape.
  2. Dive into the recent @ctbbpodcast episode where the team talk about the shocking tale of hacking Tesla and gaining unauthorized access to a stranger's car.
  3. Unlock the secrets of SSRF vulnerabilities with 7 essential resources shared by @intigriti
  4. Ever found an S3 bucket? @yeswehack lists down different ways to test S3 buckets.

📽️ 3 Insightful Videos

  1. @0xLupin talks about a couple of bugs he found in Google Bard (now Gemini) in collaboration with @rez0__ and @Rhynorater which resulted in a $50,000 bounty.
  2. @_JohnHammond dives into the recently surfaced Telegram remote code execution exploit
  3. @gregxsunday presents his latest case study on HTTP Request smuggling discussing root causes, common types, impact and more. 

💼 2 Job Alerts

  1. @TCS is hiring for a Security Analyst with 6-10 years of experience for Bengaluru, India
  2. @policybazaar is hiring for Information Security Specialist with 2-3 years of experience for Gurugram, Haryana, India.

🎁 1 Special Item

  1. This week’s special item explores an amazing CTF opportunity to grab prizes worth $1000.

Send an e-mail to [email protected] to know more about partnering with InfosecWriteups

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Hardik Singh, Ayush Singh, Manan, Ansh Patel
Newsletter formatting by: Hardik Singh, Manan, Shlok, Ansh Patel, Vivek Reddy, Siddhesh Prakash Patil

Lots of love
Editorial team,

Infosec Writeups

If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]

Subscribe to The Infosec Newsletter

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]