My Shared Links — Week 33/2022
--
Collection of the resources and links I have found insightful and shared during week #33 of 2022.
New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings
Retail giant Amazon patched a high-severity security issue in its Ring app for Android in May that could have enabled a rogue application installed on a user’s device to access sensitive information and camera recordings.
New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild
On Tuesday, Google rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild.
Tracked as CVE-2022–2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. The Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022.
Anonymous poop gifting site hacked, customers exposed
No matter the nature or industry of your business, after all, data is data.
ShitExpress, a web service that lets you send a box of feces along with a personalized message to friends and enemies, has been breached after a “customer” spotted a vulnerability.
Except, in an interesting twist, rather than responsibly reporting the vulnerability, the customer who is a known threat actor ended up exploiting the bug and downloading the entire database.
This database was then shared on a hacking forum, exposing the angry, and sometimes hysterical, personal messages sent by the customers with the gifts.
