From Security Weekly Wiki
- Announcing new reward amounts for abuse risk researchers who identify product abuse within the scope of Google's bug bounty program. There's a lot more to product security than the OWASP Top 10.
- Microsoft Patch Tuesday, Sept. 2020 Edition continues the pace of large amounts of bugs that must be patched.
- XSS->Fix->Bypass: 10000$ bounty in Google Maps shows that very old-school CDATA and SVG techniques are still a relevant injection vector, even after an initial fix.
- Academics find crypto bugs in 306 popular Android apps, none get patched, using CRYLOGGER, a tool that detects cryptographic API misuse dynamically at runtime.
- Remote Code Execution as SYSTEM/root via Backblaze due to basic crypto misuse.
- BLURtooth vulnerability lets attackers overwrite Bluetooth authentication keys, showing yet another danger of crypto misuse, as if to prove how prevalent these problems can still be.
- Kids' Smartwatches Are a Security Nightmare Despite Years of Warnings and have a slew of vulns, including crypto flaws, documented by researchers in their paper, a concise video, and a Twitter thread.
- 4 top vulnerabilities ransomware attackers exploited in 2020, some of them very old and some relatively new, all of which absolutely should be patched by now.