A selection of this week’s more interesting vulnerability disclosures and cyber security news. In the new GDPR age we are in, exploration of data at rest has been high on the agenda for many, and this item perked my interest – and some concern. Well worth a read:
Further mystifying progress from an item a few weeks back. How weirder can this get?
Been a while since I’ve hit the slopes (family life and all), and while I was laughed at with my walkie-talkie, at least I wasn’t able to be pwned to this extent!
In other news…
- Container Escape Hack Targets Vulnerable Linux Kernel A proof-of-concept hack allows adversaries to tweak old exploits, have code jump containers and attack underlying infrastructure.
- Did you hear the one about Cisco routers using codestrcpy/code insecurely for login authentication – Makes you go AAAAA-AAAAAAArrg; (The Register)
- Did you know?! Ghidra, the NSA”s open-sourced decompiler toolkit, is ancient Norse for “No backdoors, we swear!”
- How to make people sit up and use 2-factor auth: Show “em a vid reusing a toothbrush to scrub a toilet then compare it to password reuse (The Register)
- RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope New look at server data behind a previously-identified espionage campaign shows that it has exceeded researchers’ expectations in complexity, scope and breadth.
- Tech security at Equifax was so diabolical, senators want to pass US laws making its incompetence illegal (The Register)
- RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes Researchers say that Microsoft won’t issue a patch for the issue.
- When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security
- Bad news: Google drops macOS zero-day after Apple misses bug deadline. Good news: It’s fiddly to exploit (The Register)