Bug Hunter Exposes Microsoft VS Code Flaw in Protest of Disclosure Handling

A bug hunter's frustrating experience with Microsoft's disclosure process sparked a protest, as Ammar Askar publicly exposed a VS Code flaw that could allow attackers to steal OAuth tokens and access GitHub repositories. Askar's proof-of-concept exploit highlights the vulnerability, which was previously mishandled by…

https://osintsights.com/bug-hunter-exposes-microsoft-vs-code-flaw-in-protest-of-disclosure-handling?utm_source=mastodon&utm_medium=social

#VsCodeVulnerability #OauthTokenTheft #Github #Proofofconcept #BugDisclosure

OSINTSights
Let’s make ransomware MORE illegal, says Maryland

Naked Security
Google’s Project Zero highlights patch quality with policy tweak - Google's Project Zero bug-hunting team has tweaked its 90-day responsible disclosure policy to hel... more: https://nakedsecurity.sophos.com/2020/01/09/googles-project-zero-highlights-patch-quality-with-policy-tweak/ #responsibledisclosure #securitythreats #vulnerability #bugdisclosure #bug-hunting #projectzero #bugbounty #google

Naked Security
HackerOne pays $20,000 bounty after breach of own systems - In an embarrassing twist, bug bounty platform HackerOne has paid a $20,000 reward to a researcher ... more: https://nakedsecurity.sophos.com/2019/12/09/hackerone-pays-20000-bounty-after-accidental-breach-of-own-systems/ #responsibledisclosure #securitythreats #vulnerability #bugdisclosure #sessioncookie #haxta4ok00 #bugbounty #hackerone

Naked Security
Uncle Sam opens arms to friendly hackers - All you bug hunters out there are about to get a nice Christmas gift - the US federal government f... more: https://nakedsecurity.sophos.com/2019/12/02/uncle-sam-opens-arms-to-friendly-hackers/ #responsibledisclosure #governmentsecurity #securitythreats #helpfulhackers #bugdisclosure #usgovernment #bugbounty #bug

Naked Security
How the Linux kernel balances the risks of public bug disclosure - A serious Wi-Fi flaw shows how Linux handles security in plain sight. more: https://nakedsecurity.sophos.com/2019/11/15/how-the-linux-kernel-balances-the-risks-of-public-bug-disclosure/ #securitythreats #cve-2019-17666 #linuxcommunity #wi-fiinterface #vulnerability #bugdisclosure #remoteexploit #linuxkernal #linux #wi-fi #cves #flaw #bug

Naked Security