Privilege Escalation in Ubuntu Linux (dirty_sock exploit) https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
Update for runC available. Users running a privileged runC container are vulnerable to an attack where a specially crafted image can replace a binary on the system, allowing root access. More info: https://t.co/hMXUM5eJiX tweeted by @ubuntu_sec
We've updated our post on 'How to leave Google' to include lots of @fdroidorg apps. What other #GoogleAlternatives would you like us to add? 😃💪 https://tutanota.com/blog/posts/how-to-leave-google-gmail
Downgrade attack on TLS 1.3 and vulnerabilities in major TLS libraries:
– the attack leverages a side-channel leak via cache access timings (in OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS)
– it affects all TLS versions, including TLS 1.3
– one requirement for the attack is RSA key exchange
Interesting view on how to choose what you should read.
"An Incremental Architecture Approach to Building Systems", on where and when the monolith and microservices make sense.
Just in case anyone is interested in showing up:
How 2FA could have been used to maintain persistence of a stolen account, even after a password change, on major websites
Nice tutorial and explanation on using Vault to manage the SSH access to your machines:
How sloppy OPSEC gave researchers an inside look at the exploit industry
“Those government developers were testing out the WhatsApp malware on their own devices, and it was storing their discussions on the program’s servers.
The nation-state essentially had hacked itself and accidentally dumped highly sensitive information on the open internet—including details of its interactions with the secretive vendors who sell spyware to governments.”
Bit by bit...
Nice post about managing remote teams
(Some) Kubernetes best security practices