Checkmarx Security Research Team latest work: The mercenaries have been busy in the last couple of months. We got a few good hits in the media and we're proud of our work and the company itself.
– Solidity Top 10 Common Issues
– Smart Vacuum Security Flaws May Leave Users Exposed
– SoundCloud API Security Advisory
– A Race Condition in Kubernetes
– Solidity and…
Checkmarx Security Research Team latest work: We've got a lot of new research in our hands, but so far only one piece has been disclosed to the public. I'm talking about the LeapFrog LeapPad Ultimate research. It got a few hits in the media (CNET, The Telegraph, ZDNet, BleepingComputer, Threatpost, Fortune, …) and I'm very proud of this work, especially because it keeps…
Checkmarx Security Research Team latest work: In these last couple of weeks the Checkmarx Security Research Team disclosed some of our research:
– Your Lenovo Watch X Is Watching You & Sharing What It Learns
– Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT
– Android WebView: Are Secure Coding Practices Being Followed?
– NFCdrip: Data Exfiltration Research in Near Field…
Checkmarx Security Research Team latest work: My team has been working hard and we released more juicy stuff:
– Common Security Mistakes when Developing Swift Applications – Part I
– Meet NFCdrip – a New Security Concern for Air-Gapped Systems
– What's in Your Website? Lurking Risk from Third-party Resources
– How Secure Are the Browser Extensions You Create?
Pedro Umbelino…
Some of our work was published and I would like to share it here:
– ReDoS in Go
– Decrypting JobCrypter
More coming soon in a web near you 🙂
CSRT latest work and news:
– Eventbrite Security Wall of Fame
– Go programming SCP
– Remotely Exploitable Flaws Found in Popular IP Cameras
– Trump Website Hacked: Subdomain Takeover Defaces Fundraising Site
More to come really soon… 🙂 Having fun hacking!
Latest work done: Just to give a small update on my work… I've been more active on my Twitter account, so follow me to get the latest updates on my security work 🙂 Also, here is some work I've done:
– (Cobalt.io) – The Top 10 Vulnerabilities used by David Sopas to reach #1 at Cobalt
– (Char49) – Flash…
Why some vendors ignore RFD attacks?: Since I published my Reflected File Download Cheat Sheet I've been getting lots of private messages and emails from security researchers and bounty hunters telling me that most companies ignore RFD attacks. So I decided to clear things up and answer the three most popular questions. First, a little introduction. In my opinion there are three ways of implementing…
Should bug hunters provide real personal data on bug appreciation programs?: That's a question that sometimes comes to mind for many "hunters". Personally, in most cases, when I participate in these programs, I use fake information – one of the first reasons is to immediately test the input fields 🙂 Programs that require you to add your credit card info, phone number, bank info, … in…