"While connections made after connecting to a VPN on your iOS device are not affected by this bug, all previously established connections will remain outside the VPN's secure tunnel..."

bleepingcomputer.com/news/secu

"CVE-2020-10558 | Tesla Model 3 Vulnerability – Disable Autopilot Notifications, Speedometer, Web Browser, Climate Controls, Turn Signals, Nav, etc."

safekeepsecurity.com/about/cve

> Unless customized, Jinja2 is configured by Flask as follows: autoescaping is enabled for all templates ending in .html, .htm, .xml as well as .xhtml when using render_template().

bento.dev/blog/2020/bento-chec

If using Flask, pay special attention to this configuration.
In Django, as far as I'm aware (after testing a bit), render/render_to_string always escapes the content.
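One way to audit a code base for the Flask default quoted above, as an added example that is not part of the original post or the linked article: it parses Python source with `ast` and reports `render_template()` calls whose template name falls outside the autoescaped extensions listed in the quote. The sample source, route names and the `pick_template` helper are constructed for illustration.

```python
import ast

# Extensions autoescaped by default, as listed in the quoted Flask documentation.
AUTOESCAPED = (".html", ".htm", ".xml", ".xhtml")

# Constructed sample application source (not from any real project); it is
# only parsed, never executed.
SAMPLE_SOURCE = '''
from flask import Flask, render_template, request
app = Flask(__name__)

@app.route("/profile")
def profile():
    return render_template("profile.html", name=request.args["name"])

@app.route("/mail")
def mail():
    return render_template("welcome.txt", name=request.args["name"])

@app.route("/dyn")
def dyn():
    return render_template(pick_template(), name=request.args["name"])
'''

def find_unescaped_templates(source):
    """Return sorted (line, template) pairs for render_template() calls whose
    template name is outside the default autoescape extensions.
    Names that are not string literals are reported as '<dynamic>'."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        func = node.func
        # Handles both render_template(...) and flask.render_template(...).
        name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
        if name != "render_template":
            continue
        first = node.args[0]
        if isinstance(first, ast.Constant) and isinstance(first.value, str):
            if not first.value.endswith(AUTOESCAPED):
                findings.append((node.lineno, first.value))
        else:
            findings.append((node.lineno, "<dynamic>"))
    return sorted(findings)

if __name__ == "__main__":
    for line, template in find_unescaped_templates(SAMPLE_SOURCE):
        print(f"line {line}: {template}: review escaping for this template")
```

A finding means the template needs a manual look (an explicit `|e` filter, an `{% autoescape true %}` block, or a rename), not that it is necessarily exploitable.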

"Mass account takeovers using HTTP Request Smuggling on slackb.com/ to steal session cookies"

hackerone.com/reports/737140

Very interesting bug report.

AMD – new side-channel attacks affecting CPUs from 2011 to 2019:

mlq.me/download/takeaway.pdf (PDF file)

– The L1D cache way predictor is exploited to access secret information.
– The attacks are named Collide+Probe and Load+Reload.

#AMD #CPU #vulnerability #security #infosec #cybersecurity

"A vulnerability has been found in the ROM of the Intel Converged Security and Management Engine (CSME)."

"affects the Intel CSME boot ROM on all Intel chipsets and SoCs available today other than Ice Point (Generation 10). The vulnerability allows extracting the Chipset Key and manipulating part of the hardware key and the process of its generation"

blog.ptsecurity.com/2020/03/in
