#security (2023-12)

Archive: https://archive.sweetops.com/security/

2023-12-08

Jim Park

LogoFAIL is a technique to take advantage of image parsing functions that do not properly validate input arguments and allow for buffer overflows in UEFI bootloaders. The attack is to inject a trojan-horse'd vendor logo into the EFI System Partition. Apple devices are not vulnerable due to not using UEFI, but others should make sure they check for BIOS updates from their manufacturer.

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

UEFIs booting Windows and Linux devices can be hacked by malicious logo images.

Hao Wang

this is huge, new Linux images will be impacted

2023-12-19

Allan Swanepoel

https://easybreach.dragonsecurity.io

Type in a password. The client side generates a SHA1 hash as you type, and the SHA1 gets checked against my easybreach API in near real time, seeded with the HIBP password list.

React App

Web site created using create-react-app
