Show more

"... a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required ..."

insinuator.net/2020/02/critica

CDPwn – 5 zero-day vulnerabilities in Cisco Discovery Protocol (CDP):

armis.com/cdpwn/

– Different Cisco products are vulnerable to denial of service attacks and remote code execution.
– See also kb.cert.org/vuls/id/261385/.
– CVE-2020-3110, CVE-2020-3111, CVE-2020-3118, CVE-2020-3119, CVE-2020-3120.

#cisco #cdp #zeroday #0day #vulnerability #infosec #security #cybersecurity

"Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access"

perimeterx.com/tech-blog/2020/

> Did you consider removing the installation and Google-specific tracking headers (x-client-data) that Google Chrome is sending to Google properties ?

> It's a unique ID to track a specific Chrome instance across all Google properties.

github.com/w3ctag/design-revie

TeamViewer stores user passwords encrypted, not hashed:

whynotsecurity.com/blog/teamvi

– The key and IV are publicly known and identical for all users.
– Privilege escalation is possible in certain cases (CVE-2019-18988).

#teamviewer #privilegeescalation #vulnerability #security #infosec #cybersecurity

[CVE-2019-14615]

"When an application uses the GPU, some private data inevitably get stored in GPU. We find the graphics driver fails to wipe them after the application finishes, so the data preserve in the GPU. Therefore, an attacker can run a GPU spyware to steal these private data."

github.com/HE-Wenjian/iGPU-Lea

Nice description of the "pledge()" and "unveil()" mechanisms, now available on 2 operating systems.

awesomekling.github.io/pledge-

Ohh... c'mon, its 2020 and we still have to use websites that do this kind of stuff 🤦‍♂️

Show more
Social feed

This is a personal and private instance.