241 - The End of a DEFCON Era and Flipper Zero Woes [Bug Bounty Podcast]

DEF CON moves venues, the Canadian government moves to ban Flipper Zero, and some XSS issues affect Microsoft Whiteboard and Meta's Excalidraw.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/241.html

[00:00:00] Introduction
[00:00:33] DEF CON was canceled.
[00:16:42] Federal action on combatting auto theft
[00:39:03] Jenkins Arbitrary File Leak Vulnerability, CVE-2024-23897, Can Lead To RCE
[00:43:27] Back to the (Clip)board with Microsoft Whiteboard and Excalidraw in Meta (CVE-2023-26140)
[00:52:26] SSRF on a Headless Browser Becomes Critical!
[00:59:04] …

action auto ban bounty bug bug bounty can canadian canadian government con cve cve-2024-23897 def def con defcon end federal file flipper flipper zero government introduction jenkins leak meta microsoft podcast theft vulnerability xss