Welcome to the seventeenth edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox.
So many new things are happening in the cybersecurity world that it’s difficult to keep up!
We’ve done all the hard work for you by selecting the best Infosec content that caught our attention this week. The format is: 5 articles, 4 threads, 3 videos, 2 GitHub repos and tools, and 1 job alert, to help you get the most out of this newsletter and take a massive jump ahead in your career.
Excited? Let’s dive in👇
📝 5 Infosec Articles
#1 @Felix Alexander shares his brief research on how a third-party application may affect an application that has a vulnerable security design, especially on Android.
#2 @TheSecopsgroup’s new blog discusses vulnerabilities arising from insecure access control such as Insecure Direct Object References (IDOR) with some interesting obscure examples.
#3 Read how @Dzmitry Lukyanenko found out that the React debug.keystore key was trusted by Meta (Facebook), which caused an Instagram account takeover by malicious apps.
#4 @Julien Ahrens published a detailed blog post on how he found 8 CVEs that eventually led to WordPress's removal of the affected plugin, Transposh, and to more than $30,000 in bounties.
🧵4 Trending Threads
#3 Ever wondered how Google Authenticator (or other types of 2-factor authenticators) works? @Alex Xu shared a detailed thread on it.
📽️ 3 Insightful Videos
#1 A new video is out on @AssetNote’s channel in the #BugBountyRedacted series, discussing second-order subdomain takeovers and logic bug DoS.
#2 @CTF School’s new video talks about how to use AI (GitHub Copilot) to write exploits for capture the flag challenges, explaining how to solve a task from vsCTF 2022.
⚒️2 GitHub repositories & Tools
#2 xnLinkFinder V1.3 is out now with some fixes and can now also identify potential parameters.
💰1 Job Alert ⚠️
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Before we say bye…
If you found this newsletter interesting and know other people who would too, we'd really appreciate it if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love
This newsletter has been created in collaboration with our amazing ambassadors.
If you wish to join our Ambassadors channel and contribute to the newsletter, send us a DM on Twitter with your Discord username.