Firstly, I have had a MASSIVE chest cold that has kept me down for the count, so I have been reading a lot of news. Thus, long newsletter.
Microsoft bought Github. This might seem to not be a security issue, but 'tis. Why did they buy them? Github doesn't make money. However: 1) Microsoft wants devs on their platform and 2) they are really into machine learning. So, let's get all of the devs and all of their code and ... profit?
https://www.linuxfoundation.org/blog/microsoft-buys-github-the-linux-foundations-reaction/
This is a little older but was new to me - Bruce Schneier writing for Lawfare (recommended reading by the way) about the implications of Efail.
https://www.lawfareblog.com/what-efail-tells-us-about-email-vulnerabilities-and-disclosure
A cartoon intro to DNS over HTTPS. We need more of these.
https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
Building malicious zip files. Remember, mess with malware in a virtual machine, and NOT on your company network please.
https://github.com/snyk/zip-slip-vulnerability/blob/master/archives/README.md
Didier Stevens is oft referenced in these missives, and he had a really productive May. I'll just link to his own overview. Lots of great appsec content.
https://blog.didierstevens.com/2018/06/05/overview-of-content-published-in-may-3/
XSS on ESPN's site. Stuff is just everywhere:
http://seclists.org/fulldisclosure/2018/Jun/22
Oh man, I forgot about this one. Remote Code Execution on a voice-based AI. You know, one of those smart speakers? Incredible stuff. Now I wanna go test my Echo.
https://github.com/Nhoya/MycroftAI-RCE
And we'll finish up with a breakdown by El Reg of all of the week's data breaches.
https://www.theregister.co.uk/AMP/2018/06/09/what_got_breached_this_week_ticket_portals_dna_sites_and_atlantas_police_cameras/
Have a good week, everyone. I'm going back to bed. Oh, and that's the news.
My good friends at AppSec Consulting tipped me off this this really neat finding . It's a SAML bypass - they didn't discover it but they have been using it in tests and it works well.
https://developer.okta.com/blog/2018/02/27/a-breakdown-of-the-new-saml-authentication-bypass-vulnerability
Remember JScript, that attempt by Microsoft to take over ECMAscript? Yeah, neither does anyone else but it is still in Windows and it has an RCE vulnerability.
https://securityaffairs.co/wordpress/73076/hacking/jscript-component-0day.html
Apparently it's the theme today, so I'll point out that an RCE vulnerability was found in the Steam client, and has a good writeup.
https://www.contextis.com/blog/frag-grenade-a-remote-code-execution-vulnerability-in-the-steam-client
In a previous post I mentioned the sheer mass of Redis servers left open on the Internet. Someone has now written a worm for them, and 75% are infected.
https://www.incapsula.com/blog/report-75-of-open-redis-servers-are-infected.html
And that's the news.
S
My good friends at AppSec Consulting tipped me off this this really neat finding . It's a SAML bypass - they didn't discover it but they have been using it in tests and it works well.
https://developer.okta.com/blog/2018/02/27/a-breakdown-of-the-new-saml-authentication-bypass-vulnerability
Remember JScript, that attempt by Microsoft to take over ECMAscript? Yeah, neither does anyone else but it is still in Windows and it has an RCE vulnerability.
https://securityaffairs.co/wordpress/73076/hacking/jscript-component-0day.html
Apparently it's the theme today, so I'll point out that an RCE vulnerability was found in the Steam client, and has a good writeup.
https://www.contextis.com/blog/frag-grenade-a-remote-code-execution-vulnerability-in-the-steam-client
In a previous post I mentioned the sheer mass of Redis servers left open on the Internet. Someone has now written a worm for them, and 75% are infected.
https://www.incapsula.com/blog/report-75-of-open-redis-servers-are-infected.html
And that's the news.
S