169 - Racing Grafana, Stealing Mastodon Passwords, and Cross-Site Tracing [Bug Bounty Podcast]
Nov. 22, 2022, 9 p.m. | DAY[0]
DAY[0] www.youtube.com
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/169.html
[00:00:00] Introduction
[00:01:02] A Confused Deputy Vulnerability in AWS AppSync
[00:07:05] Grafana Race Condition Leading to Potential Authentication Bypass [CVE-2022-39328]
[00:16:12] Stealing passwords from infosec Mastodon - without bypassing CSP
[00:24:01] Cross-Site Tracing was possible via non-standard override headers [CVE-2022-45411]
The DAY[0] Podcast episodes are streamed live …