#security (2019-05)
Archive: https://archive.sweetops.com/security/
2019-05-01
A short article I wrote : https://github.com/Issif/sysdig-vs-malware
A short story about how Sysdig helped us uncover malware - Issif/sysdig-vs-malware
2019-05-02
What computer do you use? Who made it? Have you ever thought about what came with your computer? When we think of Remote Code Execution (RCE) vulnerabilities en masse, we might think of vulnerabilities in the operating system, but another attack vector to consider is “What third-party software came with my PC?”. In this article, I’ll be looking at a Remote Code Execution vulnerability I found in Dell SupportAssist, software meant to “proactively check the health of your system’s hardware and software” and which is “preinstalled on most of all new Dell devices”.
2019-05-09
For Alpine Linux container-based implementations.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5021 :point_up:
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.
2019-05-15
https://www.wired.com/story/intel-mds-attack-speculative-execution-buffer/ the saga continues
Two different groups of researchers found another speculative execution attack that can steal all the data a CPU touches.
2019-05-16
A very bad vulnerability in Windows XP could have serious ramifications, even with a patch.
2019-05-17
Hacker Breaks Into Stack Overflow Q&A Site, No Evidence of Data Breach
2019-05-23
SandboxEscaper has now published seven zero-days in Microsoft products; two more to come.