0x20 Monthly (2022-10/11)
Published on 2022-11-26 15:40:00 +0000
Download: Opus, OGG Vorbis or MP3
Description
Because of a move, there was no episode at the end of October. Today we cover October and November. There was Microsoft, Twitter, OpenSSL, the Pixel phone lock screen bypass, Tailscale and much more. Enjoy listening!
Shownotes
- Domain fronting to be blocked on Azure
- AWS keys on PyPI for over a year
- “Invalid Username or Password”: a useless security measure - Kevin Burke
- Elon Musk Says Twitter Will Add Video and Voice Call, Encrypted DMs
- CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You
- Russian 0day thirst traps
- 0XDEAD ZEPPELIN
- Hijacking AUR Packages by Searching for Expired Domains - Blog by Joren Vrancken
- urlscan.io’s SOAR spot: Chatty security tools leaking private data - Positive Security
- Timing Attacks on WhatsApp, Signal, and Threema can Reveal User Location - RestorePrivacy
- Dangerous hole in Apache Commons Text – like Log4Shell all over again – Naked Security
- Toyota Suffered a Data Breach by Accidentally Exposing A Secret Key Publicly On GitHub
- Google Pixel Lock Screen Bypass