My Shared Links — Week 49/2022

Xavier «X» Santolaria
5 min readDec 12, 2022


Collection of the resources and links I have found insightful and shared during week #49 of 2022.

Photo by FLY:D on Unsplash

{JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF

Team82 at Claroty has developed a generic bypass of industry-leading web application firewalls (WAF). The attack technique involves appending JSON syntax to SQL injection payloads that a WAF is unable to parse.

The bypass worked against WAFs sold by five leading vendors: Palo Alto Networks, Amazon Web Services, Cloudflare, F5, and Imperva. All five have been notified and have updated their products to support JSON syntax in their SQL injection inspection process.

Big Tech Vendors Object to US Gov SBOM Mandate

The U.S. government’s mandates around the creation and delivery of SBOMs (software bill of materials) to help mitigate supply chain attacks has run into strong objections from big-name technology vendors.

The trade group, called ITI (Information Technology Industry Council), counts Amazon, Microsoft, Apple, Intel, AMD, Lenovo, IBM, Cisco, Samsung, TSMC, Qualcomm, Zoom and Palo Alto Networks among its prominent members.

Google: State hackers still exploiting Internet Explorer zero-days

The vulnerability (tracked as CVE-2022–41128) is due to a weakness in the JavaScript engine of Internet Explorer, which allows threat actors who successfully exploit it to execute arbitrary code when rendering a maliciously crafted website.

Zero-Day Hackers Breach Samsung Galaxy S22 Twice In 24 Hours

At Pwn2Own in Toronto, Canada, elite hacking teams went one better: Samsung’s flagship Galaxy S22 smartphone fell to zero-day exploits twice on the same day.

Rackspace confirms outage was caused by ransomware attack

Cloud computing provider Rackspace Technology has confirmed today that a ransomware attack is behind its ongoing Hosted Exchange outage.

Rackspace says that the investigation, led by a cyber defense firm and its own internal security team, is in its early stages with no info on “what, if any, data was affected.”

Hacking cars remotely with just their VIN

Your car’s mobile app might have allowed hackers to remotely unlock your vehicle, turn on or off its engine, and even honk its horn.

Those are the findings of Sam Curry, a security researcher and bug bounty hunter, who explored vulnerabilities that could affect Hyundai, Genesis, Nissan, Infiniti, Honda, and Acura vehicles, amongst others.

Curry and his colleagues first turned their attention to the official mobile apps used by owners of Hyundai and Genesis vehicles, that allow authenticated users to start, stop, lock, and unlock their cars.

French Hospital Cancels Operations After Cyberattack

A hospital complex in Versailles, near Paris, had to cancel operations and transfer some patients after being hit by a cyberattack over the weekend, France’s health ministry said.

Researchers Accidentally Crash Cryptomining Botnet

Security researchers analyzing a prolific botnet managed to accidentally kill it due to the coding equivalent of a typing error, according to Akamai.

Rackspace Cloud Office suffers security breach

Thousands of small to medium size businesses are suffering as Rackspace have suffered a security incident on their Hosted Exchange service.

Cybercriminals linked to Chinese government stole millions in Covid benefits, Secret Service says

Chengdu-based threat group known as APT41 and linked to the Chinese government stole at least $20 million in U.S. Covid relief benefits, including Small Business Administration loans and unemployment insurance funds in over a dozen states, according to the Secret Service.

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked Variston IT, a Spanish firm.

Officially, Variston claims to provide custom security solutions and custom patches for embedded system.

The experts reported that the framework includes exploits for n-day vulnerabilities in Chrome, Firefox and Microsoft Defender, the company also provides a collection of tools to deploy a malicious payload to a target device.

Law enforcement agencies can extract data from thousands of cars’ infotainment systems

Data managed by infotainment systems in modern vehicles are a valuable source of information for the investigation of law enforcement agencies.

Modern vehicles come with sophisticated infotainment systems that are connected online and that could represent an entry point for attackers, as demonstrated by many security experts over the years.

Law enforcement and intelligence worldwide are buying technologies that exploit weaknesses in vehicle systems.



My Shared Links — Week 46/2022

4 min read

Nov 14, 2022

My Shared Links — Week 03/2023

8 min read

Jan 16

My Shared Links — Week 02/2023

7 min read

Jan 9

My Shared Links — Week 01/2023

3 min read

Jan 3

My Shared Links — Week 52/2022

5 min read

Dec 27, 2022

My Shared Links — Week 51/2022

4 min read

Dec 19, 2022

My Shared Links — Week 50/2022

6 min read

Dec 12, 2022

My Shared Links — Week 48/2022

4 min read

Nov 28, 2022

My Shared Links — Week 47/2022

5 min read

Nov 21, 2022

My Shared Links — Week 45/2022

5 min read

Nov 7, 2022

Xavier «X» Santolaria

Cloud Security | IBM Inventor | IBM AoT Member | Open Source Advocate | ex-OpenBSD | |