My Shared Links — Week 33/2022

Xavier «X» Santolaria
3 min readAug 22, 2022

Collection of the resources and links I have found insightful and shared during week #33 of 2022.

Photo by Philipp Katzenberger on Unsplash

New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings

Retail giant Amazon patched a high-severity security issue in its Ring app for Android in May that could have enabled a rogue application installed on a user’s device to access sensitive information and camera recordings.

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

On Tuesday, Google rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild.

Tracked as CVE-2022–2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. The Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022.

Anonymous poop gifting site hacked, customers exposed

No matter the nature or industry of your business, after all, data is data.

ShitExpress, a web service that lets you send a box of feces along with a personalized message to friends and enemies, has been breached after a “customer” spotted a vulnerability.

Except, in an interesting twist, rather than responsibly reporting the vulnerability, the customer who is a known threat actor ended up exploiting the bug and downloading the entire database.

This database was then shared on a hacking forum, exposing the angry, and sometimes hysterical, personal messages sent by the customers with the gifts.

Xavier «X» Santolaria

Cloud Security | IBM Inventor | IBM AoT Member | Open Source Advocate | ex-OpenBSD | |