J (@jespinhara) 's Twitter Profile
J

@jespinhara

security researcher - all bugs matter

ID: 33556227

https://jspin.re/ 20-04-2009 15:47:04

12,12K Tweet

1,1K Followers

2,2K Following

Tanto Security (@tantosecurity) 's Twitter Profile Photo

TantoSec consultant Riyush Ghimire identified an unauthenticated path traversal flaw in Docassemble. CVE-2024-27292 exposes sensitive files and secrets, leading to privilege escalation and template injection, enabling remote code execution. tantosec.com/blog/docassemb…

Tanto Security (@tantosecurity) 's Twitter Profile Photo

Ruxmon July 24 edition is on Friday. Come along to hear how Adam from Assetnote strung together 3 bugs to get RCE in ServiceNow. Then Michael McKinnon is giving a first hand account of having $41,000,000 (that's $41m USD!) stolen by North Korea. Dets on Meetup meetup.com/en-AU/ruxmon/e…

Tanto Security (@tantosecurity) 's Twitter Profile Photo

Our team is growing and we want people who can hack. Check out the job ad here: linkedin.com/jobs/view/3992… Please only apply if you have full working rights in Australia 🥷

J (@jespinhara) 's Twitter Profile Photo

Happy Father’s Day (Australia)! As someone who moved to Australia some years ago, it is pretty nice to have 2 dates to celebrate it :)

Tanto Security (@tantosecurity) 's Twitter Profile Photo

We are back on the main stage of BSidesCanberra this morning at 10am! Our Technical Director Marcio (Márcio Almeida) is presenting on his research into Apple shortcuts and how they were used to execute arbitrary commands on MacOSX systems, circumventing the in-built security features 🥷

Tanto Security (@tantosecurity) 's Twitter Profile Photo

Ruxmon is this Friday! Two amazing talks will be happening with Zac & Peter from Canva presenting very cool research into fonts. Then friend of Rux and usual Keynote speaker Louis Nyffenegger will go into Navidrome Vulnerabilities & JWT Algorithm Confusion meetup.com/ruxmon/events/…

Silvio Cesare (@silviocesare) 's Twitter Profile Photo

Are you an Aussie willing to relocate to Canberra? Can you find bugs and write exploits in embedded devices like we did at pwn2own? If so, apply for a job at InfoSect. DM for details.

Ivan Krstić (@radian) 's Twitter Profile Photo

🔺New on Apple Security Research blog: a deeply comprehensive Private Cloud Compute security guide, and an unprecedented Virtual Research Environment allowing you to run production PCC software right on your Mac with Apple silicon. And up to a $1M bounty! security.apple.com/blog/pcc-secur…

Jeremy Fetiveau (@__x86) 's Twitter Profile Photo

Do you do mobile vulnerability research? We're hiring in France but also internationally at Epsilon! Send us a message at [email protected] 😁

Tanto Security (@tantosecurity) 's Twitter Profile Photo

Santa's come early for infosec people in Melbourne this year 🎅🎁 If you can make it on Friday it will be well worth getting along to Ruxmon to hear John talk about exploiting Chrome browsers. It's been a great year so hope to see you there! meetup.com/ruxmon/events/…

InfoSect (@infosectcbr) 's Twitter Profile Photo

At #Pwn2Own Ireland, our team successfully exploited vulnerabilities in the Lorex 2K Indoor WiFi Camera. Check out our blog for the full technical breakdown: blog.infosectcbr.com.au/2024/12/exploi…

dunadan (@udunadan) 's Twitter Profile Photo

CTF does nothing to prepare you for psychological pressure of VR. You need months of pure context learning to even come up with solid ideas & every time you miss, fear starts crawling in: what if I never find anything? Will I deliver or be fired? This is what breaks people.

tsvik6 (@tsvika_m) 's Twitter Profile Photo

I’m looking for talented and experienced Mobile Vulnerability Researchers to join a dream team tackling cutting-edge challenges in a top-tier environment. We offer the best compensation package in the industry. If you’re interested, DM me.