Google exposes an APT campaign, PHP owned, and Several Auth Issues

Long episode this week as we talk about Google's decision to thwart a western intelligence operation (by fixing vulns), multiple authorization and authentication issues, and of course some memory corruption. [00:00:46] Google's unusual move to shut down an active counterterrorism operation being conducted by a Western democracy https://www.technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/ [00:21:48] PHP Git Compromised https://news-web.php.net/php.internals/113838https://github.com/php/php-src/commit/2b0f239b211c7544ebc7a4cd2c977a5b7a11ed8a [00:32:24] [Google Chrome] File System Access API vulnerabilities https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome [00:37:58] Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos https://hackerone.com/reports/1034257 [00:42:05] GHSL-2020-323: Template injection in a GitHub workflow of geek-cookbook https://securitylab.github.com/advisories/GHSL-2020-323-geek-cookbook-workflow/ [00:47:58] H2C Smuggling in the Wild https://blog.assetnote.io/2021/03/18/h2c-smuggling/https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c [00:53:27] H2C Smuggling in the Wild https://blog.assetnote.io/2021/03/18/h2c-smuggling/ [00:57:18] Multiple Authorization bypass issues in Google's Richmedia Studio https://www.ehpus.com/post/multiple-authorization-bypass-issues-in-google-s-richmedia-studio [01:06:15] DD-WRT UPNP Buffer Overflow https://ssd-disclosure.com/ssd-advisory-dd-wrt-upnp-buffer-overflow/https://github.com/mirror/dd-wrt/commit/da1d65a2ec471f652c77ae0067544994cdaf5e27 [01:10:36] GHSL-2021-045: Integer Overflow in GLib - [CVE-2021-27219] https://securitylab.github.com/advisories/GHSL-2021-045-g_bytes_new/ [01:14:12] Qualcomm IPQ40xx: Analysis of Critical QSEE Vulnerabilities https://raelize.com/blog/qualcomm-ipq40xx-analysis-of-critical-qsee-vulnerabilities/ [01:22:50] One day short of a full chain: Part 3 - Chrome renderer RCE https://securitylab.github.com/research/one_day_short_of_a_fullchain_renderer/ [01:35:37] Chat Question: Where to learn about Windows Heap exploitation https://dayzerosec.com [01:39:44] Adobe Reader CoolType arbitrary stack manipulation in Type 1/Multiple Master othersubrs 14-18 https://bugs.chromium.org/p/project-zero/issues/detail?id=2131 [01:46:26] Eliminating XSS from WebUI with Trusted Types https://microsoftedge.github.io/edgevr/posts/eliminating-xss-with-trusted-types/ [01:54:19] Hidden OAuth attack vectors https://portswigger.net/research/hidden-oauth-attack-vectors [02:03:05] The Future of C Code Review https://research.nccgroup.com/2021/03/23/the-future-of-c-code-review/ [02:15:03] Microsoft Exchange Server-Side Request Forgery [CVE-2021-26855] https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-26855.html Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)