
Dhiraj Mishra

From EverybodyWiki Bios & Wiki

Website: www.inputzero.io

Dhiraj Mishra is a security researcher working for Cognosec, based in the United Arab Emirates [1].

Telegram awarded him a US$2,700 bounty for reporting a bug that allowed users to recover photos and videos "unsent" by other people [2][3][4]. He also received US$2,700 from Telegram for a bug that leaked IP addresses during peer-to-peer calls [5]. Mishra discovered a same-origin policy (SOP) bypass issue in the popular Samsung Internet Browser that could allow an attacker to steal data from browser tabs if the user visits an attacker-controlled site [6].

He also found a vulnerability in Evernote that could have allowed an attacker to run malicious commands on any macOS computer with Evernote installed [7][8]. While participating in various bug bounty programs, Mishra identified a bug in Kaspersky Lab's virtual private network (VPN) app for Android that leaked the computer's configured Domain Name System (DNS) while using a VPN connection [9][10].

Mishra disclosed an unpatched vulnerability in a smart TV that would allow attackers on the same Wi-Fi network to hijack the TV set to broadcast their own content, including, potentially, fake emergency broadcast messages [11][12]. In an interview, he also expressed his views on how fake transactions can happen in India [13]. Mishra also made a responsible disclosure to CERT-In of a flaw that would have allowed hackers to take over Income Tax India websites [14][15].

References

  1. Nichols, Shaun (30 March 2020), "You know all those stories of leaky cloud buckets taken offline? Well, some may still be there, just badly hidden", theregister.co.uk
  2. Whittaker, Zack (9 September 2019), "Telegram fixes bug that failed to delete 'unsent' photos and videos", techcrunch.com
  3. Savenkov, Andrey (10 September 2019), "Cybersecurity Researcher Receives Reward From Telegram for Uncovering App Bug", sputniknews.com
  4. Mehta, Ivan (10 September 2019), "Telegram fixed a bug that stored images on recipients' phones even after you 'unsent' them", thenextweb.com
  5. Abrams, Lawrence (29 September 2018), "Telegram Leaks IP Addresses by Default When Initiating Calls", bleepingcomputer.com
  6. Kumar, Mohit (29 December 2017), "Critical "Same Origin Policy" Bypass Flaw Found in Samsung Android Browser", thehackernews.com
  7. Whittaker, Zack (17 April 2019), "Evernote fixes macOS app bug that allowed remote code execution", techcrunch.com
  8. Lovejoy, Ben (17 April 2019), "Evernote's Mac app could have allowed remote code execution; now fixed [Video]", 9to5mac.com
  9. Abrams, Lawrence (10 August 2018), "DNS Leak Fixed in Kaspersky VPN App for Android", bleepingcomputer.com
  10. Nichols, Shaun (9 August 2018), "Kaspersky VPN blabbed domain names of visited websites – and gave me a $0 reward, says chap", theregister.co.uk
  11. Seals, Tara (3 June 2019), "Smart-TV Bug Allows Rogue Broadcasts", threatpost.com
  12. Nichols, Shaun (4 June 2019), "Supra smart TVs aren't so super smart: Hole lets hackers go all Max Headroom on e-tellies", theregister.co.uk
  13. Das, Shouvik (21 January 2020), "Despite OTPs, This is How Fake Transactions Can Happen on Your Card in India Too", news18.com
  14. Mehta, Ivan (16 February 2020), "Indian income tax agency patched a security flaw that would've allowed hackers to take over its site", thenextweb.com
  15. Das, Shouvik (19 February 2020), "Income Tax India Patches Flaw That Could Have Let Anyone Hack the Website", news18.com

External links

Tod Beardsley - HaXmas: The True Meaning(s) of Metasploit - Rapid7


This article "Dhiraj Mishra" is from Simple English Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Dhiraj Mishra.
