We now have evidence that the strict Content-Security-Policy we added to the #Firefox fronted for hardening purposes prevent a Pwn2Own participant from escaping the sandbox! Definitely validates our approach.
https://blog.mozilla.org/security/2025/05/17/firefox-security-response-to-pwn2own-2025/
P.S: Nice work from everyone for being the fastest to ship a fix for the #Pwn2Own findings again.
It’s kind of awesome to see #pwn2own being live-tooted on the fediverse.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #04/2024 is out! It includes the following and much more:
➝ 🔓 🧬 #23andMe admits it didn’t detect #cyberattacks for months
➝ 🔓 #Trello API abused to link email addresses to 15 million accounts
➝ 🔓 🇺🇸 #LoanDepot Breach: 16.6 Million People Impacted
➝ 🇺🇸 🇷🇺 #Microsoft network breached through password-spraying by Russian-state hackers
➝ 🇷🇺 🇺🇸 Russian #TrickBot Mastermind Gets 5-Year Prison Sentence for #Cybercrime Spree
➝ 🇺🇸 🇷🇺 #HPE says it was hacked by Russian group behind Microsoft email #breach
➝ 🇷🇺 🇸🇪 Russian Hackers Suspected of #Sweden Cyberattack
➝ ✈️ 💰 Aviation Leasing Giant #AerCap Hit by #Ransomware Attack
➝ 🇺🇸 📲 #SEC blames sim-swapping, lack of MFA for X account hijacking
➝ 🇨🇳 Chinese Hackers Silently Weaponized #VMware Zero-Day Flaw for 2 Years
➝ 🔔 👮🏻♂️ Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users
➝ 🇫🇷 👀 French regulator fines #Amazon $35 million over its surveillance system of warehouse workers
➝ 🇫🇷 🍪 #France Fines #Yahoo 10 Mn Euros Over Cookie Abuses
➝ 🍎 💸 Cracked #macOS apps drain wallets using scripts fetched from DNS records
➝ 🦠 🔑 Malicious #NPM Packages Exfiltrate Hundreds of Developer #SSH Keys via #GitHub
➝ 🦠 💻 NS-STEALER Uses Discord Bots to Exfiltrate Your #Secrets from Popular Browsers
➝ 🐥 🔑 X adds #passkeys support for #iOS users in the United States
➝ 🩹 🚨 Critical #Jenkins Vulnerability Exposes Servers to RCE Attacks - #Patch ASAP!
➝ 🤖 💥 AI will increase the number and impact of cyber attacks, intel officers say
➝ 🐛 🩹 Exploit released for Fortra #GoAnywhere MFT auth bypass bug
➝ 🔓 ⚡️ #Pwn2Own Automotive: Hackers Earn Over $700k for #Tesla, EV Charger, Infotainment Exploits
➝ 🔓 🇨🇳 Mass exploitation of #Ivanti VPNs is infecting networks around the globe
➝ 🍎 🩹 Apple Issues #Patch for Critical Zero-Day in #iPhones, Macs - Update Now
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
https://infosec-mashup.santolaria.net/p/infosec-mashup-week-042024
