
VayFul Security Issue - June 11 2024

VayFul Security - June 11 2024

Hi all!

Welcome back, here is your dose of VayFul Security, a list of what we are enjoying…

📰 SECURITY BYTES

Alert! PHP CGI Argument Injection Vulnerability (CVE-2024-4577) - Patch Now! - A critical security vulnerability (CVE-2024-4577) has been discovered in PHP CGI that could allow attackers to inject malicious code into web applications. This vulnerability can be exploited to steal sensitive data, gain unauthorized access to systems, or even take complete control. #php #cve #patch

Exposing Security Flaws in the VS Code Marketplace - The author, Amit Assaraf, argues that the lack of permission management allows malicious extensions to gain extensive access to user data and functionality. It is a wake-up call for developers, urging caution when installing extensions and advocating for stricter security measures within the VS Code ecosystem. #vscode #extension

Confusing URLs Exploited for XXE in SharePoint (CVE-2024-30043) - The vulnerability allows attackers to exploit a flaw in how SharePoint parses URLs. This can be leveraged to perform XXE (XML External Entity) attacks, potentially granting unauthorized access to sensitive data or even server control. The vulnerability affects both SharePoint Server and cloud versions; a patch is readily available. #0day #exploit

New iOS Trojan Steals Faces and More for Deepfakes - Group-IB has uncovered a new iOS Trojan named GoldPickaxe. This malware targets users in Asia and steals not only banking data and SMS messages, but also facial recognition data and identity documents. Researchers believe the stolen biometrics could be used to create deepfakes for unauthorized access to accounts. #iOS #malware

🔥 INTERESTING WRITEUPS

📝 BLOGS & ARTICLES

Automation Tool for Easy P4 - Finding easy P4 vulnerabilities using the Hauditor automation tool. #bugbounty #automation

Communication and Network Security - The article explores various security measures implemented during communication and network interactions, empowering you to identify vulnerabilities and take proactive steps to protect your online presence. #communication #network #security

Why Bad Reviews can kill your software - The article dives into user expectations for speed, responsiveness, and stability, highlighting areas where software can fail and attract negative feedback. It also suggests strategies for building a strong reputation, like focusing on user experience and addressing customer concerns promptly. #code-reviews #secure-coding

Hacking Millions of Modems (and Investigating Who Hacked My Modem) - Millions of Modems Vulnerable! Researcher Exposes Backdoor in Cox Business Portal. This backdoor let attackers access sensitive customer information, modify settings, and even execute commands on the devices. #modems #backdoor

🛠️ TOOLS

Aiodnsbrute - Bruteforce domain names asynchronously. #dns #bruteforce

PIP-INTEL - OSINT (Open Source Intelligence) tool designed using various open-source tools and pip packages. #osint #intel

nowafpls - Burp Plugin to Bypass WAFs through the insertion of Junk Data. #burp #plugin

🧠 TUTORIALS & SKILL-BUILDING

How I Met Your Data - Troy Hunt - NDC Sydney 2024 - In "How I Met Your Data," we dive into the thrilling world of data breaches, exploring the often-untold stories from the front lines. #data #security

Secure AI: Integrating OWASP Principles in Machine Learning Model Development - Haritha Thilakarathne - It's time to delve into the critical intersection of cybersecurity and artificial intelligence. Let's explore the integration of Open Web Application Security Project (OWASP) principles into machine learning model development processes. Addressing vulnerabilities and ensuring data privacy are paramount as AI technologies become more prevalent. #Owasp #AIML

Demystifying Web API Security in Azure - Jimmy Bogard - NDC Sydney 2024 - Building APIs can be easy, but securing them is hard. We have external and internal applications, APIs, users, and more. Each might use a different authentication and authorization strategy, depending on customer and system needs. The stakes are high and there is no margin for error! #API #websecurity #Azure

🎁 MISCELLANEOUS

Level up with GitHub Copilot: using AI to learn, code, and build - Michelle "MishManners" Duke - It's time you meet your AI pair programmer. Do you find yourself stuck on a chunk of code? Unsure of how best to center a div? GitHub Copilot can help. Get unstuck by seeing suggested lines or code, whole functions, and learn more about your development journey through having code explained, and even translate your code into other languages. #AI #coding

What you can learn from an open-source project with 300 million downloads - Dennis Doomen - After more than 10 years of development, our pet project, Fluent Assertions has almost reached 300 million downloads. Providing a high quality library like that doesn't come for free. We've been trying to write code that is clean enough for our contributors, write tests that are self-explanatory, ensure breaking changes are strictly controlled and try to make it easy to use. #open-source #software #development

🎯 QUOTE OF THE DAY

“The path to success is to take massive, determined action.”

- Tony Robbins

⭐ HOW DID WE DO?

Enjoyed this newsletter? Friends don’t keep good things to themselves - forward this to your friends and have them sign up here.

That’s a wrap!

Thank you for reading,
VayFul Team