Application Security This Week for February 24

by Bill Sempf 24. February 2019 10:39

Cool PoC of the Mac vulnerability CVE-2018-4193, an RCE in WindowServer.

https://www.synacktiv.com/ressources/OffensiveCon_2019_macOS_how_to_gain_root_with_CVE-2018-4193_in_10s.pdf

 

Terrifying vulnerability in an underlying component of Docker, Kubernates, and other virtuilazation software leads to hypervisor breakdown.

https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d

 

An Oracle DCMA takedown of a Docker container leads to some interesting build awareness. Good Reddit thread.

https://www.reddit.com/r/oracle/comments/arqhjc/our_builds_are_failing_because_oracle_has_dmca/

 

A fourteen year old flaw was discovered in the encryption facility of WinRAR.  Whoops.  So much for the thousand eyes on open source theory.

https://arstechnica.com/information-technology/2019/02/nasty-code-execution-bug-in-winrar-threatened-millions-of-users-for-14-years/

 

Microsoft turbocharges GitHub's bug bounty program.

https://www.zdnet.com/article/github-bug-bounty-microsoft-ramps-up-payouts-to-30000-plus/

 

And that's the news!

Tags:

AppSec

Application Security This Week for February 17

by Bill Sempf 17. February 2019 12:56

A maintainer of the underlying runtime for Docker and Kubernetes) reported a vulnerability.

https://seclists.org/oss-sec/2019/q1/119

 

Here is a PoC codebase for the above.  Well written too.

https://github.com/Frichetten/CVE-2019-5736-PoC

 

Hashcat can now crack any eight chatacter Windows password in two hours.

https://www.theregister.co.uk/2019/02/14/password_length/

 

Interested in Bug Bounties?  Think they are all taken?  Facebook CSRF finding nets $25,000.

https://ysamm.com/?p=185

 

And that's the news.

Tags:

Application Security This Week for February 10

by Bill Sempf 10. February 2019 16:33

Ullaakut on Reddit posted this toolset: Gorsair, a tool to remotely access the exposed Docker API of vulnerable Docker containers.  Works, too.

https://github.com/Ullaakut/Gorsair

 

Someone already pwned TLS 1.3, for crying out loud.

https://eprint.iacr.org/2018/1173

 

Cool attack on CORS configuration in mobile devices

https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/

 

RCE in Libreoffice.  Not so free NOW areya?

https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html

 

And that's the news. Stay warm.

Tags:

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

Find me on Mastodon

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList

Mastodon