PHDays (Positive Hack Days) brings the world's cutting edge in digital security to Moscow every year since 2011. Organized by Positive Technologies, this year's edition hosts more than 100 talks by more than 130 developers, security experts, and hackers from all over the world. Roundtables, both pu...
For almost 30 years, the RSA Conference has been an important meeting point in the cybersecurity community to share, learn and growth. A space for innovation and partnerships where, from the 17th to the 20th of May 2021, another edition takes place with the presence of specialists in cybersecurity from all over the world.
In this year's edition, the conference will be attended by two Char49 specialists, David Sopas (COO) and Pedro Umbelino (Senior Security Researcher), this in partnership with Erez Yalon (Director of Security Research, Checkmarx), Luis Gomes (Global Head of Information Security, OLX Group) and Tanya Janca (Founder & CEO, We Hack Purple Academy, Community and Podcast).
During our research on the Segways’ domain space, we found a subdomain pointing to a third-party domain “pending for deletion” by its owner. Using a domain monitoring and backorder service, as soon as the third-party domain became available we got control over Segway’s subdomain.
According to responsible disclosure best practices, we provided Segway a detailed security advisory. This article is published after the security issue has been (silently) fixed by Segway.
Samsung devices, including flagship S7, S8 and S9, were all vulnerable to a severe flaw that allowed any application to factory reset the phone, steal sms messages and call logs, lock the phone with a custom pin and message, locate the user, in short, any action that Find My Mobile supports.
From my understanding based in what I see in the field, the majority of companies are not. Besides finance, insurance and big retail chains very few are already prepared, and some aren’t even achieving meaningful results to enable them to be compliant in May 25, not even the health or public sector...
What to do? Where to begin? How to do it? Now you can relax and sit down. Thanks to David Sopas you can organize all your work with an assessment mindset available for free at Github. He did it to help him on his all-around assessments (pentest, bug bounty, red-team) keeping the workflow organized a...
