Tag: vulnerability

  • A punch in the face

    Somebody needs that right into their face. Sometimes repeatedly. threat actor = someone who wants to punch you in the face; threat = the punch being thrown; vulnerability = your inability to defend against the punch; risk = the likelihood of getting punched in the face; acceptable risk = your willingness to be punched in the…

  • CPU Flaws

    Remember Intel’s Spectre? Now Intel’s Core Ring-Interconnect can be exploited to extract encryption keys.

  • Look, No Hands!

    Google’s Project Zero drops a handful of zero-day vulnerabilities for the iPhone at Black Hat 2019. Apparently one of them isn’t patched yet. Interaction-less attack surface in this context means it’s wormable: code executes with no human interaction. Source: Look, No Hands! — The Remote, Interaction-less Attack Surface of the iPhone

  • notepad.exe

    Until recently, notepad.exe was considered safe from security vulnerabilities, mostly for its lack of features and therefore lack of attack surface. That held until Tavis Ormandy, a vulnerability researcher at Google, took a closer look and popped a shell from notepad.exe. Awesome.

  • RunC CVE-2019-5736

    Use containers, they said. It’d be more secure, they said. Until CVE-2019-5736 was disclosed.

  • Venom PoC is out.

    Quick: https://twitter.com/hdmoore/status/598644158664814592

  • 'Venom' bigger than Heartbleed

    Security researchers say the zero-day flaw affects “millions” of machines in datacenters around the world. Security researchers found a flaw in QEMU, dating back to 2004. Lots of virtualization platforms inherited the bug. Since virtualization powers the cloud, this has some potential. Source: Bigger than Heartbleed, ‘Venom’ security vulnerability threatens most datacenters | ZDNet

  • Check if you trust the Superfish CA

    Filippo Valsorda wrote a test to check whether your PC is vulnerable through the Superfish malware that Lenovo decided to preinstall on its devices. Check here if you trust the Superfish CA.

  • Risk assessment process

    Threat identification is the review of technical and technical events that may damage a system. System characterization is the review of system and data criticality and sensitivity. Control analysis is the review of current and planned countermeasures against security requirements checklists. Vulnerability identification is the review of system security procedures, design, implementation, or internal controls…