Application Security This Week for June 7

by Bill Sempf 7. June 2020 03:25

Another great Server Side Request Forgery find. I found this on a test again in May, folks; it's a real thing. Just because your analyst doesn't have time to write the exploit doesn't mean it isn't real.


Spoofing attacks on contact tracing. Man, the bad guys will stop at nothing. Insane.


Two MORE remote code execution vulns in Zoom. Now, don't think I am picking on them, but this is why we should be careful up front: you never know when you are gonna go viral! I think the devs at Zoom are doing an AWESOME job fixing these as they show up.


The fantastic Google Project Zero wrote a neat instrumentation library that is ACTUALLY lightweight for 32- and 64-bit Windows. You should use it to instrument only the modules of interest, and it adds very little overhead. I haven't played with it yet, but I am very excited to (when I have two minutes to rub together).


Hope you are all safe. Weird stuff going on, and those of us in tech are well positioned to make changes in the world. Stop and think before you choose a direction.


