exploresecurity

SQLi despite 'secure' Prepared Statements! Known to affect mysql and mysql2, nice write-up from @xoreipeip (and with due credit to previous work by other researchers)

@Grazitti you might want to reword this response; bit harsh I thought 😆

2 instances this week of OAuth SaaS integrations where the setup guide says "login as admin". Even with scopes, the connections are overprivileged. Getting flashbacks of software that "needs" to be installed as admin (translation: cos then it just works).

As a #Salesforce admin or security pro, does it frustrate you that it's impossible to configure an account to have full access to the config of a Salesforce Org as read-only? Upvote ideas.salesforce.com/s/idea/a0BHp00…

Interesting compromise of Cyberhaven's Chrome extension with a malicious OAuth app using a genuine OAuth flow cyberhaven.com/engineering-bl…

All I want for Christmas is U(RL handlers not vulnerable to RCE)... AmberWolf has published information about CVE-2024-12908, a Remote Code Execution vulnerability in the Delinea Secret Server Protocol Handler. You can read our blog & PoC here: blog.amberwolf.com/blog/2024/dece…

More awesome work from @buffaloverflow and @johnnyspandex

New @Sonos app - yuk. Key features missing. Maybe I've just not found things like how to edit the queue. Best case, unintuitive UI; worst case, something that worked (mostly - has definitely got buggier and slower recently) is undeniably worse. Trust that updates are coming...

The @Yourallypally steward in this story should be congratulated - he followed protocol under pressure. So important for 'first line' staff to have a robust process to follow and to be confident sticking with it. talksport.com/sport/1705572/…

When there seems to be so much doom and gloom around, this story of innovation + determination + dedication is a ray of hope

A lot of people will be forgetting @evernote now. I only store text (more or less). I appreciate they have costs and I'd be prepared to bung them a few quid but this drastic change without warning will push many to find an alternative.

Poor show @evernote - used to be able to export all notebooks at once for back-up, now it seems I have to export each notebook in turn. Why make something so important harder to do?

@AppOmniSecurity Interesting stuff but I'm unclear if the core vulnerability and analysis was done by someone else. Can't see a source credited so maybe it is original. Could you clarify?

A widespread #Salesforce data exposure has been uncovered from misuse of the Platform Cache. In this blog by AppOmni AO Labs, read how incorrect use of this feature is causing information disclosure in over 80% of implementations handling sensitive data: hubs.la/Q01VybTP0

🚨 Urgent Update: #Google has released a Chrome update to patch a new high-severity zero-day #vulnerability (CVE-2023-5217) that is being exploited in the wild. Read: thehackernews.com/2023/09/update… #infosec #cybersecurity #informationsecurity

Great day @BsidesCambs - nice job everyone

Calling all infosec students near #Glasgow #DC44141 - a worthy cause and potentially more than a warm glow in return

Some fun with AI (trailer at youtube.com/watch?v=VqY0-H…)

As usual from @PortSwiggerRes and @albinowax, it's not just the theory but the accompanying resources which support the practice - nice job!

First round of BSides Cambridge tickets are live! We've got some great talks lined up. Get your tickets now. If you're a student, message us or @secmum and we'll sort something out. #bsides #bsidescambs #infosec #cybereast eventbrite.co.uk/e/bsides-cambr…

Is there really no way @JustEatUK that a lost-n-found gift card can be reactivated? I assume it's expired (website only says "invalid" and have triple-checked code). Having to tweet because your "Contact us" page does no such thing.