$10,000 USD award for reporting faulty crop and trim feature in Facebook reels 😍
Welcome to the #IWWeekly39 - the Monday newsletter that brings the best in Infosec straight to your inbox.
IWCON2022 finally came to a glorious end ❤️ Thank you for joining us. I hope you had a lot of fun and learned something new 😊 Please share your feedback here to help us make the next version better for you :)
Coming back to today's NL, here are our top picks for this week: 7 articles, 6 Threads, 5 videos, 2 GitHub repos and tools, 1 job alert to help you maximize the benefit from this newsletter and take a massive jump ahead in your career.
Excited? Let’s jump in 👇
📝 7 Infosec Articles (5 + 2 beginner-friendly)
#3 Read @Yaala’s discovery of zero-click account takeover and 2FA bypass in the Facebook mobile app.
#4 Security researcher Alessandro Groppo wrote about a very interesting bug, CVE-2022-2602 (which had no public exploit at the time), a use-after-free vulnerability in the Linux kernel's io_uring subsystem.
#5 Read how @canmustdie found an open redirection vulnerability on one of Apple's subdomains.
🧵6 Trending Threads (4 + 2 beginner-friendly)
#2 Look at Eno Leriand's thread about a SQL injection vulnerability in Simmeth System that led to remote code execution (CVE-2022-44015).
#3 Tomo shared links to Notion docs containing a collection of smart contract vulnerability reports.
📽️ 5 Insightful Videos (3 + 2 beginner-friendly)
#1 Reading RFCs can be tedious, so fewer bug hunters bother with them, but @securinti shows the value of reading the RFCs: in one case it earned him a $3,100 bounty.
#2 @_JohnHammond walks you through the MMORPG challenge from NahamConEU CTF, where you learn about an implementation flaw that leads to a vulnerability.
#3 Learn CodeQL, the code analysis engine developed by GitHub to automate security checks, with @LiveOverflow as he uses it to investigate GraphQL resolvers.
#1 @AseemShrey interviews @ArmanSameer95, aka Tess, who goes into detail about his reconnaissance techniques.
⚒️ 2 GitHub repositories & Tools
💰1 Job Alert
#1 Payatu is hiring people for various security roles with experience ranging from 1-5 years. Check out the details here.
💸Advertise with us💸
We are looking to partner with amazing infosec, pen testing, and ethical hacking teams, brands, and companies from all over the world.
If you'd like to advertise to our 27k+ community of cybersecurity enthusiasts, click here to partner with us.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Before we say bye…
If you found this newsletter interesting, and know other people who would too, we'd really appreciate if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love
This newsletter has been created in collaboration with our amazing ambassadors.