In the rapidly evolving landscape of information security, some conferences stand out as pivotal hubs for knowledge exchange, collaboration, and networking. One such beacon in Portugal is BSidesLisbon, the premier technical information security conference. Now in its 8th edition, this community-or...
Char49 is proud to announce that our Principal Security Researcher and Co-Leader at OWASP API Security Project, Paulo Silva, will be representing us at BSIDES AHMEDABAD 2023. He will be speaking on October 6th at this prestigious event in Ahmedabad, India, which brings together the brightest min...
"Integration Tomorrow" is a one-day conference that brings together industry leaders, experts, and professionals to discuss the latest trends and advancements in integration solutions. With technology rapidly evolving, integration plays a crucial role in enabling seamless data exchange and process...
Have you ever wondered what it feels like to own a Ferrari? We did. Not the car itself, but access to their database credentials.
Following Ferrari Responsible Disclosure Program1 Char49 discovered a vulnerability on the media.ferrari.com subdomain. The vulnerability affected a popular Wordpres...
TOPdesk Single Sign-on integration based on SAML (Security Assertion Markup Language) was vulnerable to XML Signature Wrapping (XSW) attacks, allowing bad actors with credentials to authenticate with the Identity Provider (IdP) to impersonate any TOPdesk user, tampering with the SAML Response.
The...
Char49 recently discovered a security misconfiguration on a subdomain of an American multinational corporation (Top50 on the Fortune500) website: an exposed Symfony web framework debug endpoint leaking sensitive information.
In a nutshell, exposing Symfony Profile or any other web framework debug...
