Application Security This Week for February 9

Christian Pedersen wrote a cool scanner for the Netscaler Gateway flaw, and is hosting it on Azure. 

https://cve-2019-19781.azurewebsites.net/

It is based on the TrustedSec POC

https://github.com/trustedsec/cve-2019-19781

Wacom tablets call the mothership every time you load up an application. The writeup has a fantastic breakdown on how to use available tools to find this shittery.

https://robertheaton.com/2020/02/05/wacom-drawing-tablets-track-name-of-every-application-you-open/

The Twitter API was exploitable by a direct object reference flaw that exposed phone numbers of users.

https://www.theregister.co.uk/2020/02/04/twitter_phone_numbers/

An ancient bug in Sudo (well by software standards anyway) allowed nonprivleged users to, well, do what superusers do.

https://thehackernews.com/2020/02/sudo-linux-vulnerability.html

That’s the news folks.  Keep it frosty.