Application Security Weekly for May 13

Thousands of Companies Are Still Downloading the Vulnerability That Wrecked Equifax

http://fortune.com/2018/05/07/security-equifax-vulnerability-download/

 

Another fun iOS bug - The Black Dot of Death

https://www.cultofmac.com/546951/black-dot-of-death-bug/

 

The Nest doorbell doesn't invalidate existing OAUTH refresh tokens when the password is changed.  How could they miss that?

https://www.theinformation.com/articles/how-amazons-latest-security-device-let-people-spy-on-you

 

Introducing Throwhammer - Rowhammer over the network

https://thehackernews.com/2018/05/rowhammer-attack-exploit.html

 

And that's the news.

S

Add comment

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

PageList

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList