45 matches found
Uber: Subdomain takeover on rider.uber.com due to non-existent distribution on Cloudfront
Hi, 3 hours ago, rider.uber.com was responding like this: F127137 This happened on both HTTP and HTTPS. Now, as our blog post from last week says: https://labs.detectify.com/2016/10/05/the-story-of-ev-ssl-aws-and-trailing-dot-domains/ This means that there's a high chance this domain does not hav...
Android Qualcomm GPS/GNSS Man-In-The-Middle
Exploit for Android platform in category local exploits. Summary: Android devices can be crashed remotely, forcing a halt and then a soft reboot, by a MITM attacker manipulating assisted GPS/GNSS data provided by Qualcomm. This issue affects the open source code in AOSP and proprietary code in a Java...
Docebo LMS 6.9 Remote Code Execution
Document Title: Docebo LMS 6.9 - Moxie API Calls RST Remote Code Execution Vulnerability. References Source: http://www.vulnerability-lab.com/getcontent.php?id=1888 Video: http://www.vulnerability-lab.com/getcontent.php?id=1892 Release Date: ...
Ubiquiti Inc.: Subdomain takeover on partners.ubnt.com due to non-used CloudFront DNS entry
Hi, So lately I have discovered that CloudFront is not validating which user that connects a CNAME:d domain to a CloudFront Origin. This means that if I could find a domain that is still pointing to CloudFront, without being connected to any Origin as a Custom CNAME, I can actually claim the doma...
Amazon CloudFront Turns On Perfect Forward Secrecy
Add Amazon to the growing list of technology providers ensuring that its encryption capabilities exceed a minimum standard. Yesterday, the company announced that its web content delivery platform Amazon CloudFront had turned on Perfect Forward Secrecy, in addition to a number of changes designed ...