Application Security This Week for February 10

Ullaakut on Reddit posted this toolset: Gorsair, a tool to remotely access the exposed Docker API of vulnerable Docker containers.  Works, too.

https://github.com/Ullaakut/Gorsair

 

Someone already pwned TLS 1.3, for crying out loud.

https://eprint.iacr.org/2018/1173

 

Cool attack on CORS configuration in mobile devices

https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/

 

RCE in Libreoffice.  Not so free NOW areya?

https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html

 

And that's the news. Stay warm.

Add comment

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList