A researcher found out that you can discover if a user is in incognito mode in Chrome using a timing attack.
https://blog.jse.li/posts/chrome-76-incognito-filesystem-timing/
That Microsoft RDP attack we talked about earlier? Yeah, it works in Azure.
https://thehackernews.com/2019/08/reverse-rdp-windows-hyper-v.html?m=1
In unrelated news, Microsoft has launched Azure Security Lab, a safe space to do appsec testing.
https://msrc-blog.microsoft.com/2019/08/05/azure-security-lab-a-new-space-for-azure-research-and-collaboration/
A cool bug was discovered in the Electron Framework.
https://www.contextis.com/en/blog/basic-electron-framework-exploitation
Frequent readers know that I am no fan of Apple's closed garden when it comes to app testing. Well, it might be opening a little. They have enhanced their bug bounty, and more importantly are going to offer quasi-jailbroken phones to researchers. I'll be in line for that.
https://www.theverge.com/2019/8/8/20756629/apple-iphone-security-research-device-program-vulnerabilities
That's the news!