SQLi despite 'secure' Prepared Statements! Known to affect mysql and mysql2, nice write-up from @xoreipeip (and with due credit to previous work by other researchers)
2 instances this week of OAuth SaaS integrations where the setup guide says "login as admin". Even with scopes, the connections are overprivileged. Getting flashbacks of software that "needs" to be installed as admin (translation: cos then it just works).
As a #Salesforce admin or security pro, does it frustrate you that it's impossible to configure an account to have full access to the config of a Salesforce Org as read-only? Upvote https://t.co/cx9b5zVYRy
All I want for Christmas is U(RL handlers not vulnerable to RCE)...
AmberWolf has published information about CVE-2024-12908, a Remote Code Execution vulnerability in the Delinea Secret Server Protocol Handler.
You can read our blog & PoC here:
https://t.co/oW4E5V4KFT
Today, AmberWolf released two blog posts and our tool "NachoVPN" to target vulnerabilities in major VPNs, including CVE-2024-29014 (SonicWall NetExtender SYSTEM RCE) and CVE-2024-5921 (Palo Alto GlobalProtect RCE and Priv Esc), after our SANS HackFest presentation.🧵
New @Sonos app - yuk. Key features missing. Maybe I've just not found things like how to edit the queue. Best case, unintuitive UI; worst case, something that worked (mostly - has definitely got buggier and slower recently) is undeniably worse. Trust that updates are coming...
The @Yourallypally steward in this story should be congratulated - he followed protocol under pressure. So important for 'first line' staff to have a robust process to follow and to be confident sticking with it.
https://t.co/tHUu6Krej5
A lot of people will be forgetting @evernote now. I only store text (more or less). I appreciate they have costs and I'd be prepared to bung them a few quid but this drastic change without warning will push many to find an alternative.
Poor show @evernote - used to be able to export all notebooks at once for back-up, now it seems I have to export each notebook in turn. Why make something so important harder to do?
@AppOmniSecurity Interesting stuff but I'm unclear if the core vulnerability and analysis was done by someone else. Can't see a source credited so maybe it is original. Could you clarify?
OUT TODAY!!!!! Please check out my debut feature film, TIM, which is now live on Netflix U.K.! If you like it please spread the word, rate and share - apparently these first 48 hours are incredibly important so the more views we can get the better! #timmovie #Netflix #premiere
We've just published 'Smashing the state machine: the true potential of web race conditions' by @albinowax! Dive in to arm yourself with novel techniques & tooling, and help reshape this attack class:
https://t.co/GJOOn4Wmab
First round of BSides Cambridge tickets are live! We've got some great talks lined up. Get your tickets now.
If you're a student, message us or @secmum and we'll sort something out.
#bsides #bsidescambs #infosec #cybereast
https://t.co/v0XQO8SOP1
Is there really no way @JustEatUK that a lost-n-found gift card can be reactivated? I assume it's expired (website only says "invalid" and have triple-checked code). Having to tweet because your "Contact us" page does no such thing.