#securityresearch


A serious security vulnerability has been discovered in a dating app. According to the researcher, finding the vulnerability was merely the result of a "misclick", which shows the importance of thorough security testing.

#BảoMật #LỗHổngBảoMật #ỨngDụngHẹnHò #AnToànThôngTin #Cybersecurity #Vulnerability #DatingApp #SecurityResearch

hame.page/articles/critical-vu

www.hame.page · One misclick away: How I found a critical vulnerability in a dating app. A detailed technical writeup of discovering and reporting a critical security vulnerability in a Sydney-based dating application.

🚀 I launched my latest security research project — RBAC Atlas — to deepen my understanding of Kubernetes and evaluate the security posture of the open source ecosystem.

🧭 RBAC Atlas is a searchable, visual index of risky RBAC policies across Kubernetes-based OSS projects. Through this research, I analyzed:

1. 100+ popular open source projects
2. Hundreds of Roles, RoleBindings, and their granted permissions
3. Risk categories like CredentialAccess, SecretExposure, PrivilegeEscalation, and more

This project was built to help platform teams, security engineers, and OSS maintainers identify and reduce RBAC misconfigurations — one of the most overlooked Kubernetes security risks.

If this sounds useful, connect with me — or feel free to share it with anyone on your team who might be interested.

Day 1 of posting to social media until I get an offensive security research job

First, I’m going to start with what I know – Windows. I need to recreate what I had access to at Microsoft, so that starts by setting up a dev environment and finding a copy of Windows System Internals, perhaps the greatest resource for learning Windows out there. My expertise is in Windows and virtualization, so I’m going to make sure I master those areas.

Next, I don’t think I want to grind coding exercises, but I do need to shake the rust off my coding skills. I think I’m going to start with some HackTheBox challenges and find some CTFs to participate in.

Finally, my long overdue goal: learn Rust. I’m not sure if this will help immediately, as I could choose to improve my knowledge of Python. But Rust was getting more and more popular in the areas of Windows I was tasked with protecting, so I need to learn what all the fuss is about with regards to memory safety.

If anyone is on a similar journey, let’s hold each other accountable in the comments! I will be sure to document any write-ups at blog.maxrenke.com (work in progress).

Our latest blog post is live, check it out!

🗞️ opalsec.io/daily-news-update-s

* 👾 Obscure Programming Languages in Malware: Malware authors are getting creative, using less common languages like Rust, Nim, Phix, Lisp and Haskell to evade detection - and it works.
* 💔 $8.2 Million Seized in Crypto Romance Baiting: The DOJ just seized millions in USDT from "romance baiting" scams (aka pig butchering), with links to human trafficking in Cambodia and Myanmar. This is a stark reminder of the human element in cybercrime.

Don't forget, you can subscribe to our newsletter here to get the updates straight to your inbox!

📨opalsec.io/daily-news-update-s

Opalsec · Daily News Update: Sunday, March 30, 2025 (Australia/Melbourne). Malware authors increasingly use niche languages like Rust, Nim, and even Phix to bypass traditional security tools and complicate static analysis. The DOJ seized $8.2M in USDT from romance scams, revealing sophisticated manipulation tactics and links to human trafficking in Cambodia and Myanmar.

I'm thrilled to announce that I've joined Checkmarx Zero!

In the new role, I'm getting even deeper into security research, and I'll focus a lot of my time on making our findings even more understandable and practical for a wider audience.

I look forward to working with this world-class research team. Watch for upcoming papers, blogs, conference presentations, and industry collaborations!

The best ICS testing results don’t come from a single approach. Onsite testing has to be risk-averse, and lab testing can uncover deeper vulnerabilities. The key? A combined approach…
 
OT environments don't stand up to regular IT pen testing. Any pen tester that doesn't fully understand that could easily destroy systems and take out critical infrastructure.
 
By strategically selecting devices for lab testing based on onsite insights, you get the best of both worlds without unnecessary risk or cost.
 
In our latest blog, Head of Hardware Andrew Tierney explains how this method finds hidden threats in ICS networks: pentestpartners.com/security-b