👩‍💻IW Weekly #93: GitLab Critical Fixes, Google Info-Stealers, Sandwich Attack, CVE-2023-7028, IDN Homograph Attack, IrisCTF24 Challenges and many more…

Welcome to the #IWWeekly93 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. @GitLab releases Critical Security Versions 16.7.2, 16.6.4, 16.5.6 for Community Edition (CE) and Enterprise Edition (EE). Urgent upgrade recommended due to critical security fixes.
  2. Article by @MetallicaMVP: Google Info-Stealers: Persistent Access of your Google account via Cookie Theft and Multi-Factor Authentication Bypass 
  3. @JerryShah exposes a significant IDN homograph attack in SMTP servers, enabling attackers to manipulate domain names and perform account takeovers.
  4. @x86trace shares insightful write-ups on IrisCTF24 challenges, exposing a SQL injection vulnerability in "What’s My Password?" and decoding a reversed flag in "Rune? What’s that?"
  5. @Boogsta uncovers IDOR on college intranet, revealing personal data of students through base64-encoded requests.

🧵 4 Threads

  1. Dive into the world of the Sandwich Attack alongside @0xLupin, securing a $12,000 bounty! Understand the process of uncovering API Keys and exploiting a vulnerability in a straightforward manner.
  2. Join @bishopfox in building infosec communities: Starting @hackgdl and sharing valuable tips on engagement and growth.
  3. Explore @bishopfox's recommendations to start your hacking journey for all the beginners out there.
  4. Explore essential Awesome Cyber Security Collections curated by @7h3h4ckv157 for hackers which includes Red team, SOC, Blue team and many more.

📽️ 3 Insightful Videos

  1. Discover the intricacies of OWASP's new API Top 10 for 2023 with @InsiderPhD, unraveling the art of bug hunting in this dynamic landscape.
  2. Uncover the journey of @NahamSec, transforming from a passionate ethical hacker to a Million Dollar Hacker, and delve into the flourishing realm of cybersecurity triumphs.
  3. Unlock the secrets of bypassing door passwords as @aydinnyunuss takes you on a captivating journey at IWCON2023.

💼 2 Job Alerts

  1. Varutra Consulting is seeking immediate joiners for multiple positions like Security consultant, Senior Security Consultant, and more for different locations. Check it out and don’t miss the opportunity.
  2. GitHub is looking for someone to join their bug bounty team as a Product Security Engineer, a remote role in the US.

🎁 1 Special Item

  1. Discover CVE-2023-7028: GitLab Account-Take-Over exploit by @Vozec1, showcasing an email manipulation vulnerability. Educational use only. Discovered by asterion04.

Check out “Navigating the RaaS Threat Landscape” by Renzon Cruz at IWCON2023

For more IWCON2023 videos you might have missed, subscribe to the Infosec Studio YouTube channel.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Tuhin Bose and Manan
Newsletter formatting by: Eeshan V, Pawan Gambhir and Manan

Lots of love
Editorial team,

Infosec Writeups

If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]
