AppSec Monday: UnOAuthorized Privilege Elevation, SSTI, Android XSS, SmuggleShield, WhatsApp Contacts Security Assessment
Cybersecurity — For Security Professionals
Hey! James here.
Today’s edition is all about Application Security and offensive tactics:
📝 CVE-2024-45186: Unauthenticated SSTI bug, $20,300 Bounties from a 200 Hour Hacking Challenge!
🔥 SmuggleShield, Sn0int Tools, Systemwide security flaw has been hiding in macOS for 2 decades!
🧠 UnOAuthorized: The discovered path to privilege elevation, Hacking Bank from Hackthebox!
And more…
📰 Top Security News
Public report WhatsApp contacts security assessment (Nccgroup)
Chinese hackers had access to Canadian government systems for years (Techradar)
Systemwide security flaw has been hiding in macOS for 2 decades (Stephen Casas)
📝 Best Of Blogs
CVE-2024-45186: Unauthenticated SSTI bug in Filesender exposes MySQL & S3 credentials (Jonathan Bouman)
Popping Android vulnerabilities from notification to Webview XSS (Abdillah Muhamad)
$20,300 Bounties from a 200 Hour Hacking Challenge (Voorivex)
🧠 Learning Resources
Unified Mobile and Security Testing with Mobile Cloud Vendors (Avi Elgal)
UnOAuthorized: The discovered path to privilege elevation (Eric Woodruff)
Hacking Bank from Hackthebox (Chris Alupului)
🛠️ Tools
⚡️ Misc
Lessons in Security Tooling: Strategies for Success (Gyan.ca)
Stacklok Donates Minder Security Project to OpenSSF (Thenewstack)
🎯 Favorite Quote
“Keep smiling, because life is a beautiful thing and there's so much to smile about.”
- Marilyn Monroe
💡 ABOUT VAYFUL®
Vayful® is a cybersecurity newsletter that curates the best cybersecurity news, research, tools, blogs, talks, tutorials, and learning resources — specially handpicked for security professionals. The content is curated with love by security professionals.