
Disclosure and bug bounty programs can sometimes be a double-edged sword. These services can spare you the hassle of contacting a vendor and negotiating a reward, a process that can take weeks of just waiting for a response. But these programs might also turn you down completely, as they can be pretty picky — leaving you to handle the entire process by yourself.

As mentioned in one of our previous articles, bug bounty programs keep popping up, but the question remains: are these programs worth the hassle, and do they deliver on their promises?

Over the past two decades, bug…

In this edition, we’ll give new updates on the abuse of the Fortinet flaws we discussed last week, three major social network leaks, new Android malware that spreads by creating auto-replies to WhatsApp messages, and our CVE of the week: a pre-auth RCE found in a QNAP QTS plugin.

Two Manufacturing Plants Shut Down Due to Fortinet Vulnerability

In this edition, we’ll give new updates on the North Korean campaign targeting security researchers, Chinese police arresting the biggest video-game cheating syndicate, the FBI and CISA warning about hackers abusing Fortinet flaws, and our CVE of the week: an SSRF vulnerability found in VMware’s vRealize.

New Updates to the Campaign Targeting Security Researchers

In this edition, we’ll give new updates on the Google Project Zero findings, hackers trying to plant an RCE backdoor through PHP’s Git repository, a security researcher being sued over a bug disclosure, and our CVE of the week: a bug in netmask endangering more than 200 thousand projects.

Updates on Google Project Zero

In this edition, we’ll discuss the Mirai botnet attack on IoT devices, Google Project Zero discovering 11 vulnerabilities exploited in 2020, a Trail of Bits security researcher creating a tool to weaponize insecure pickled Python files, and our CVE of the week: an RCE vulnerability in F5 BIG-IP.

The Mirai Botnet Attacking IoT Devices

DD-WRT is a Linux-based, open-source alternative firmware suitable for a wide variety of WLAN routers and embedded systems. It runs on many devices, including Netgear Nighthawk, Asus, and Linksys routers.

It replaces the basic built-in firmware of these WiFi routers with a more capable one. Firmware like this also provides a higher level of security than stock router firmware, which makes such devices hard to exploit, but not impossible. We will have a look at some of these vulnerabilities here.

CVE-2020-13976 — Remote Command Execution via Shell Metacharacters

This vulnerability was discovered on the diagnostics page of DD-WRT. A remote attacker could execute arbitrary…

In this edition, we’ll follow up on the MS Exchange Server Leak and its origins, a hacker gaining access to 150,000 Verkada security cameras, the new Regexploit tool, and three 15-year-old vulnerabilities found in the Linux Kernel.

The Microsoft Exchange Hack

Figure 1: a man lying in bed wearing a bike helmet

There you are, sitting on your sofa, the clock shows another five seconds until the next episode comes on, you press the button, and another useless day goes by.

We have all had this experience, especially during the last year. Being stuck at home during Covid gave us so much free time.

This time doesn’t have to be spent binge-watching Netflix. We can use these extra hours to grow and improve ourselves. There are many productive things we can do to achieve these goals. …

This is SSD’s weekly security recap.

In this edition, we’ll talk about the Microsoft vulnerabilities affecting governments around the world, GitHub and Docker Hub being used for crypto-mining attacks, user data from the Maza cybercrime forum exposed online, and our CVE of the week: elevated access in GNU GRUB.

The Microsoft Exchange Hack

After the SolarWinds attack that has been troubling the US, this new threat has been putting US organizations like credit unions, town governments, and small businesses at potential risk.

Of course, this vulnerability may also be used against organizations in Asia and Europe.

It was found that vulnerabilities in Microsoft Exchange servers…

A bootloader, one of the basic components of a computer, is the first program that runs when the computer starts. It is responsible for loading the operating system kernel (here, Linux) and transferring control to it. The kernel, in turn, initializes the rest of the operating system.

GNU GRUB (also called GRUB2) is a Multiboot boot loader. It is part of the GNU Project, a free operating system that allows its users to run, copy, explore and change programs’ source code freely. The “GRUB” in GNU GRUB stands for GRand Unified Bootloader.

Since GNU GRUB runs on most…
