Scope-creeping doesn’t always end up in a 0-day with a CVE assigned, and this was the fortune of Detectify Crowdsource hacker, Özgür Alp. He is an ethical hacker with 7+ years experience, well certified within offensive security and also high ranked on hacker leaderboards. Here is his success story on how he, with the help of the Detectify Crowdsource team, turned an open redirect into a public disclosed vulnerability known as CVE-2020-1323.

It would be heartening to think that cybersecurity has advanced since the 1990s, but some things never change. Vulnerabilities that some of us first saw in 1996 are still with us. If you don’t believe me, just take a look at the news. Last month, Virginia-based cybersecurity firm GRIMM announced that they had found a vulnerability that affects many Netgear home WiFi routers. The cause? Outdated firmware that allows remote users to access the administrative systems in these routers.

Since April 2020 we’ve been writing about the latest CVEs to look out for in our risk based vulnerability management blog. Going into August we are highlighting a CVE affecting a popular password vault – KeePass, along with a few interesting ones. Read on for more information on how to prioritize these vulnerabilities for patching to mitigate risk.

Zalo is a chat application on the rise and exceedingly popular in South-East Asia with a user base of over 100 million. In a number of countries, including Vietnam and Myanmar, the application rivals WhatsApp and Facebook Messenger as the most popular chat application. Zalo’s functionality continues to expand with Zalo Pay and Zalo Shop emerging among many new features on the burgeoning super app.

Remember that high school teacher who was never more than one chapter ahead of their students? Well that is me, in this blog. ¯\_(ツ)_/¯