Broadcom is one of the major vendors of wireless devices worldwide. Since these chips are so widespread they constitute a high value target to attackers and any vulnerability found in them should be considered to pose high risk. In this blog post I provide an account of my internship at Quarkslab which included obtaining, reversing and fuzzing the firmware, and finding a few new vulnerabilities.

https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html

#PWN

SP 800-77 Rev.- 1 (DRAFT),- Guide to IPsec VPNs | CSRC :

https://csrc.nist.gov/publications/detail/sp/800-77/rev-1/draft

Cracking the Lens: Targeting HTTP's Hidden Attack Surface :

https://portswigger.net/kb/papers/crackingthelens-whitepaper.pdf

Youtube is removing all Instructional hacking and phishing content

https://ift.tt/2wL8xfl

Authentication Bypass and Arbitrary File Upload (leading to remote code execution) on Cisco Data Center Network Manager
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt

Android malware hidden inside VirtualApp sandbox.
#chinese
http://blog.avlsec.com/2019/07/5393/virtualapp%e6%8a%80%e6%9c%af%e5%ba%94%e7%94%a8%e5%8f%8a%e5%ae%89%e5%85%a8%e5%88%86%e6%9e%90%e6%8a%a5%e5%91%8a/

Mozilla releases Grizzly, a cross-platform browser fuzzing framework designed to allow fuzzer developers to focus solely on writing fuzzers and not worry about the overhead of creating tools and noscripts

https://github.com/MozillaSecurity/grizzly

Supported by Linux, MacOS and Windows are supported

Introduction to WAFs, WAF types and WAF Bypassing #Web

#facebook is embedding tracking data inside photos you download.

Unofficial Telegram App Secretly Loads Infinite Malicious Sites

MobonoGram 2019 app was downloaded more than 100,000 times and performed adfraud clicks.
https://www.symantec.com/blogs/threat-intelligence/unofficial-telegram-app-malicious-sites