#security (2019-05)

Archive: https://archive.sweetops.com/security/

2019-05-23

Maciek Strömich avatar
Maciek Strömich
Two more Microsoft zero-days uploaded on GitHub | ZDNet attachment image

SandboxEscaper has now published seven zero-days in Microsoft products; two more to come.

2

2019-05-16

Maciek Strömich avatar
Maciek Strömich
Microsoft’s First Windows XP Patch in Years Is a Very Bad Sign attachment image

A very bad vulnerability in Windows XP could have serious ramifications, even with a patch.

:--1:1

2019-05-15

Maciek Strömich avatar
Maciek Strömich
Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs attachment image

Two different groups of researchers found another speculative execution attack that can steal all the data a CPU touches.

2019-05-09

Exequiel Barrirero avatar
Exequiel Barrirero

For Alpine Linux container based implementations.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5021 :point_up:

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.
CVE - CVE-2019-5021

Common Vulnerabilities and Exposures (CVE®) is a list of entries — each containing an identification number, a description, and at least one public reference — for publicly known cybersecurity vulnerabilities. Assigned by CVE Numbering Authorities (CNAs) from around the world, use of CVE Entries ensures confidence among parties when used to discuss or share information about a unique software vulnerability, provides a baseline for tool evaluation, and enables data exchange for cybersecurity automation.

2019-05-02

Maciek Strömich avatar
Maciek Strömich
Remote Code Execution on most Dell computers

What computer do you use? Who made it? Have you ever thought about what came with your computer? When we think of Remote Code Execution (RCE) vulnerabilities in mass, we might think of vulnerabilities in the operating system, but another attack vector to consider is “What third-party software came with my PC?”. In this article, I’ll be looking at a Remote Code Execution vulnerability I found in Dell SupportAssist, software meant to “proactively check the health of your system’s hardware and software” and which is “preinstalled on most of all new Dell devices”.

2019-05-01

Issif avatar
Issif
Issif/sysdig-vs-malware

A short story about how Sysdig helped us to unreveal a malware - Issif/sysdig-vs-malware

    keyboard_arrow_up