👩‍💻IW Weekly #83: CVE-2023-4966, Address Bar Spoofing, SQLi to NTLM, Okta Breach, UPI Security, PII via Frontend Authentication Redirects and many more…


Billionaires wanted it, but 54,578 everyday investors got it first… and profited

When incredibly rare and valuable assets come up for sale, it's typically the wealthiest people who end up taking home an amazing investment. But not always.

One platform is taking on the billionaires at their own game, buying up and fractionalizing some of history’s most prized blue-chip artworks for its investors.

It's called Masterworks. Their nearly $1 billion collection includes works by greats like Banksy, Picasso, and Basquiat, all of which are collectively owned by everyday investors. When Masterworks sells a painting – like the 16 it's already sold – investors reap their portion of the profits.

Offerings can sell out in minutes, but Infosec Write-Ups readers can skip the waitlist to join with this exclusive link.


Welcome to the #IWWeekly83 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. Check out Citrix Bleed: Leaking Session Tokens with CVE-2023-4966, @assetnote's analysis of the Citrix NetScaler vulnerability and the risk it poses to authenticated sessions.
  2. Discover the hidden risks in your browser: @RenwaX23 documents Opera's Address Bar Spoofing Vulnerabilities.
  3. Learn how @chaskar_shubham turned a SQL Injection into exposed NTLM hashes in this revealing write-up.
  4. Explore the security risks of Django's DEBUG mode in @kannthu1's insightful analysis, which shows how it can lead to RCE, SSRF, and SQLi.
  5. @facufernandez walks through a full account takeover that ended with control of the administrative account.

🧵 4 Threads

  1. Unveiling the Okta breach and its ripple effects on Cloudflare, 1Password, and BeyondTrust. Dive into the details with @mattjay.
  2. @bsysop delves into the security risks and data exposure in WordPress sites that use front-end authentication redirects.
  3. @Rhynorater shares his takeaways from two action-packed Live Hacking Events, showing why they are such a strong learning environment for hackers.
  4. @H4cktus breaks down Vulnerability Disclosure Programs (VDPs) and shares advice on starting your Bug Bounty journey in this informative Twitter thread.

📽️ 3 Insightful Videos

  1. Unlock the world of Blind XSS with @NahamSec in 'The Beginner's Guide to Cross-Site Scripting'!
  2. Join @ctbbpodcast in Portugal as they go live with @renniepak, delving into NFTs, XSS, LHE, and the art of hacking.
  3. Nemo takes a deep dive into UPI security at @nullcon, sharing insights on how bank accounts get compromised.

💼 2 Job Alerts

  1. @Prateek_0490 is hiring a Security Engineer and a Security Analyst for @Zomato! Join the security team at Zomato.
  2. Join @netflix’s Security Operations and Intelligence team as a Security Engineer.

🎁 1 Special Item

  1. Introducing DOMLogger++ by @kevin_mizu: Your essential tool to monitor, intercept, and debug JavaScript sinks with customizable configurations, now available on Firefox and Chromium!

The much-awaited cybersecurity conference IWCON is now back with edition 3.0 on 16 and 17 December 2023. With 16 amazing speakers, this year is going to be a blast of learning and networking. TICKETS NOW OPEN FOR SALE! Go grab yours today.


PS: If you're a brand looking to advertise your company among our 30k+ community, book a sponsorship slot here.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. See you again next week, hacker; until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Bhavesh Harmalkar, Bimal Kumar Sahoo, Tuhin Bose
Newsletter formatting by: Manan, Hardik Singh, Nithin R

Lots of love
Editorial team,
Infosec Writeups

📧
If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]
