Is anyone here using Azure?
Are you using Azure? A newly published Hyper-V bug could possibly crash ‘big portions of Azure cloud infrastructure’. Security researchers have posted proof of concept code that exploits a recently patched vulnerability in Microsoft’s Hyper-V hypervisor. The bug enables code in the guest to crash the host, and in some circumstances compromise the host’s security.…
Apple raises bug bounty
Macrumors, among others, reports. A good move in the vulnerability ecosystem.
BeA: Besonderes elektronisches Anwaltspostfach ohne Umlaute
Es ist schlimmer, als wir alle gedacht haben. Mail rechtzeitig verschickt, Frist aber trotzdem versäumt: Das BeA kommt mit Umlauten nicht klar, der Absender einer Nachricht erfährt davon aber nichts. Source: BeA: Besonderes elektronisches Anwaltspostfach kann kein Deutsch – Golem.de
Until recently, notepad.exe was considered safe in terms of security vulnerability, mostly for its lack of features and therefore lack of attack surface. Until Vulnerability researcher at Google, Tavis Ormandy, took a closer look and popped a shell from notepad.exe. Awesome.
Google stored G Suite passwords in plaintext
In today’s edition of privacy related topics, it is Google that apparently stored customer passwords in plaintext. Google didn’t disclose which (enterprise) customers have been affected, but was clear that improper access is out of question. With this recent incident, Google joins ranks of Facebook, Instagram, but also Twitter and LinkedIn. Google says it discovered…
Phones Open to Attack through WhatsApp Flaw
Meanwhile, another flaw from the Facebook universe. While it appears it’s not immediately related to data leakage, it gives great potential to 3rd parties, though. On the upside, nobody will attribute it to Facebook this time. It’s a good opportunity to point out and recommend the alternatives to Whatsapp, in particular Signal and Threema. A…
Offenbar ist der Grund für den gestrigen und heutigen Ausfall der Telekom: ein bekannter Bug in TR069. Es gibt offenbar auch ein Metasploit Modul dafür. Source: Port 7547 SOAP Remote Code Execution Attack Against DSL Modems – SANS Internet Storm Center
Bug of the day: MongoDB
Trevor Morgen points out the most creative bug so far in MongoDB. Not sure if this is a bug or pure stupid, though, and let’s fear for more issues of this kind in the codebase.
Facebooks To Kill Flash
Facebook’s new chief security officer, Alex Stamos, has stated publicly that he wants to see Adobe end Flash. Most of the internet will consider this a good idea. Not too sure about the Facebook bunch yet. via: Slashdot