Business Logic Vulnerabilities Series: Hot Fixes Getting Cold, A journey of 7 Versions/Years of a sole Facebook vulnerability!

Hi Folks, This is the third part of A brief on Abusing Invitation Systems blog post, In case you have missed the previous parts of this story of write-ups, it is advised to have a sneak peak at the First & Second part before you go on with this post. So before we kick off to our case study let’s get a brief about some technical terms first, I am Ali Kabeel an Application Security Intern at Seekurity and let’s dive in…

Continue reading “Business Logic Vulnerabilities Series: Hot Fixes Getting Cold, A journey of 7 Versions/Years of a sole Facebook vulnerability!”

Share

Physical Security: Apple macOS Mojave screen lock glitch leaking the secrets behind it!


Let’s start with a simple question, what is Physical Security? and why it’s important?

Based on techtarget.com’s article:

Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution. This includes protection from fire, flood, natural disasters, burglary, theft, vandalism and terrorism.

Continue reading “Physical Security: Apple macOS Mojave screen lock glitch leaking the secrets behind it!”

Share

Fitbit – APIs and Access Control Failures, a simple API bug allowed to harvest millions of user private activities!


In this write-up we will show you how Seekurity team was able to harvest all the user’s private/custom activities leaves more than 20 million private custom activities data in danger.

First of all, this write-up is not a new one and the discovery itself is dated back to 2017 but we decided to disclose it right now after we gave Fitbit the reasonable amount of time to patch the vulnerability and to protect the health data about the users!

Continue reading “Fitbit – APIs and Access Control Failures, a simple API bug allowed to harvest millions of user private activities!”

Share