Return of the Zombieload, Bezos Hacked, and other exploits
Day[0] - A podcast by dayzerosec
This week we look at 15 CVEs, including the new MDS attacks/Zombieload and GhostImage, a cool attack against vision-based classification systems. We also have a discussion about mobile vs desktop security.
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
- [00:01:33] Pwn2Own Miami 2020
- [00:06:32] Allegations that Saudi Crown Prince involved in hacking of Jeff Bezos’ phone
- [00:11:25] Chris Rohlf on Twitter: "...Mobile security was largely a success relative to the state of the desktop..."
- [00:25:49] More MDS Attacks: Intel Patching its Patch of the Patch for MDS/ZombieLoad Attacks
- [00:31:34] MDHex Vulnerabilities
- [00:42:55] JSSE Client Authentication Bypass (CVE-2020-2655)
- [00:55:37] Local Privilege Escalation in many Ricoh Printer Drivers for Windows (CVE-2019-19363)
- [00:58:34] ModSecurity Denial of Service (CVE-2019-19886)
- [01:02:47] GGvulnz - How I hacked hundreds of companies through Google Groups
- [01:09:14] Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption (CVE-2020-6857)
- [01:14:40] arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault - Patchwork
- [01:18:54] Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability (CVE-2020-3142)
- [01:21:35] iGPU Leak: An Information Leakage Vulnerability on Intel Integrated GPU (CVE-2019-14615)
- [01:28:41] Information Leaks via Safari's Intelligent Tracking Prevention
- [01:39:02] GhostImage: Perception Domain Attacks against Vision-based Object Classification Systems
- [01:44:46] Nightmare - A collection of binary exploitation / reverse engineering challenges and writeups
- [01:49:26] The Life of a Bad Security Fix
- [01:51:22] macOS/iOS: ImageIO: heap corruption when processing malformed TIFF image