Cybersecurity Reach Foundation LogoCybersecurity Reach Foundation
Back to Newsletters

Misconfigurations, Domain Hijacks, and Pipeline Vulnerabilities

This week was an exciting one! There were some truly creative exploits and weaknesses discovered, sure to get your mind spinning. Let’s dive into a few of the top highlights from the week. 🚀

Newsletter cover image

🛡️ The Myth of the "Magic Hack"

When you think of a hack, you might imagine someone instantly gaining access to a machine like magic. But in reality, hacking is far from that. It’s a meticulous series of steps exploiting various software, hardware, human weaknesses, and processes. It’s the details that make the difference! 🔍

Becoming the admins of .mobi

What does it mean to "become the admin of .mobi"? Well, imagine you control how others verify if a .mobi site is legit. Your contact details would be listed, and people would come to you for .mobi-related queries.

This is exactly what happened in this amazing story by WatchTowr Labs (highly recommended reading!). They discovered that when the .mobi top-level domain (TLD) was created, it originally used the WHOIS server whois.dotmobiregistry.net. This server was later moved to whois.nic.mobi, but the original domain wasn’t renewed and expired in December 2023—leaving it available for purchase.

But why is that a problem? Well, if a domain was once associated with a company or site, it’s remembered in bookmarks, browser history, and systems. If someone else buys it, they can misuse that association. Thankfully, WatchTowr Labs bought the expired domain for just $20 and tested how many services still trusted it. Turns out, a lot of services—including SSL certificate authorities—were still using it! 😱 They could have issued SSL certificates for any .mobi domain by controlling the verification process.

Read More

Hacking Misconfigured AWS S3 Buckets

One of the easiest ways to get "hacked" is through misconfiguration—especially with public-facing services. For instance, I once hosted a MongoDB server and, while I thought I added proper authentication, I hadn’t enabled it. 😅 Waking up one morning to find a ransom note in my database was a tough lesson. Even though I didn’t lose anything important, it hurt.

That’s why it’s critical to double-check configurations, especially for public services like AWS S3 buckets. A small mistake can lead to a big breach.

Read More

Exploiting CI CD Pipelines

Speaking of misconfigurations, let’s talk about CI/CD pipelines. When using Git repositories, a hidden .git folder is created to track file changes. However, if this folder is accidentally exposed publicly (such as on a website), it becomes a goldmine for attackers. They can use it to uncover sensitive data and critical information.

This issue is discussed in detail in this great article on exploiting CI/CD pipelines for profit. Make sure you know how to secure your repositories! 🛠️

Read More

🛡️ Stay Safe!

Always remember, security isn’t about making one big, impossible hack; it’s about exploiting small weaknesses. Take the time to learn from others' mistakes and avoid becoming the next victim. Until next week—stay secure! 🔐

Subscribe to Our Newsletter