Application Security This Week for September 2

Mazen Ahmed wrote an exploit for the new Struts CVE (CVE-2018-11776).

https://github.com/mazen160/struts-pwn_CVE-2018-11776

Speaking of the CVE program, and MITRE in general, Steve Ragan got a solid scoop on Congress planning a revamp.

https://www.csoonline.com/article/3300753/security/congress-pushes-mitre-to-fix-cve-program-suggests-regular-reviews-and-stable-funding.html

Secure Ideas started a blog series on CORS, CSRF, and Clickjacking, which is off to a good start.

https://blog.secureideas.com/2018/07/three-c-words-of-web-app-security-part-1-cors.html

The Fortnite Android app is vulnerable to a genuinely unusual flaw, Man-in-the-Disk.

https://www.theregister.co.uk/AMP/2018/08/29/android_external_storage_man_in_the_disk/

Speaking of weird flaws, people have started registering Alexa skills with names phonetically similar to common commands. It's called Skill Squatting.

https://www.usenix.org/conference/usenixsecurity18/presentation/kumar

And that's the news!

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.
