Application Security This Week for April 5

I'm hoping everyone is safe and healthy. This whole thing is weird. But security news marches on.

 

There was a vulnerability discovered in Pi-hole.  If you don't know what it is, don't worry, but if you do, you need to patch right meow.  Either way, neat application security lessons. Good writeup here:

https://natedotred.wordpress.com/2020/03/28/cve-2020-8816-pi-hole-remote-code-execution/

 

Along those lines, there is a vulnerability in OpenWRT. Again, if you aren't using it don't sweat it but cool writeup about the vulnerability:

https://nakedsecurity.sophos.com/2020/03/31/patch-now-critical-flaw-found-in-openwrt-router-software/

 

HTML 6 is coming! See what's new here:

https://morioh.com/p/6d422fc49bd2

 

The incredible Binni Shah tuned me in to two some really interesting new C# memory injection tools:

https://github.com/coffeegist/changeling

https://github.com/pwndizzle/c-sharp-memory-injection

 

That's the news. Stay safe, everyone.

Add comment

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList