This Week in Security: Ubiquiti, Nissan, Zyxel, and Dovecot

You may have been one of the many of us who received an email from Ubiquiti this week, recommending a password change. The email stated that there was an unauthorized access of Ubiquiti systems, and while there wasn’t evidence of …

This Week in Security: Android Bluetooth RCE, Windows VMs, and HTTPS Everywhere

Android has released its monthly round of security updates, and there is one patched bug in particular that’s very serious: CVE-2021-0316. Few further details are available, but a bit of sleuthing finds the code change that fixes this bug.

Fix potential OOB write in libbluetooth
Check event id if of
…

This Week in Security: Deeper Dive Into SolarWinds, Bouncy Castle, and Docker Images

Merry Christmas and happy holidays! I took Christmas Day off from writing the security roundup, coming in a day early with this week’s installment, dodging New Year’s Day. The SolarWinds story has continued to dominate the news, so let’s dive into it a bit deeper.

Microsoft has published their analysis …

This Week in Security: SolarWinds and FireEye, WordPress DDoS, And Enhance!

The big story this week is SolarWinds. This IT management company supplies network monitoring and other security equipment, and it seems that malicious code was included in a product update as early as last spring. Their equipment is present in a multitude of high-profile networks, like FireEye, many branches of …

This Week in Security: VMWare, Microsoft Teams, Python Fuzzing, and More

There’s a VMWare problem that’s being exploited in the wild, according to the NSA (PDF). The vulnerability is a command injection on an administrative console. The web host backing this console is apparently running as root, as the vulnerability allows executing “commands with unrestricted privileges on the underlying operating system.” …

This Week in Security: iOS Wifi Incantations, Ghosts, and Bad Regex

I hope everyone had a wonderful Thanksgiving last week. My household celebrated by welcoming a 4th member to the family. My daughter was born on Wednesday morning, November 25th. And that explains what I did last week instead of writing the normal Hackaday column. Never fear, we shall catch up …

This Week in Security: SAD DNS, Incident Documentation Done Well, and TCL Responds

One of the big stories from the past few days is the return of DNS cache poisoning. The new attack has been dubbed SADDNS, and the full PDF whitepaper is now available. When you look up a website’s IP address in a poisoned cache, you get the wrong IP address.

This …

This Week in Security: Platypus, Git.bat, TCL TVs, and Lessons From Online Gaming

Git’s Large File System is a reasonable solution to a bit of a niche problem. How do you handle large binary files that need to go into a git repository? It might be pictures or video that is part of a project’s documentation, or even a demonstration dataset. Git-lfs’s solution …

This Week in Security: In the Wild, Through Your NAT, and Brave

Most of the stories from this week are vulnerabilities dropped before fixes are available, many of them actively being exploited. Strap yourselves in!

Windows Kernel Crypto

The first is CVE-2020-17087, an issue in the Windows Kernel Cryptography Driver. The vulnerable system calls are accessible from unprivileged user-space, and potentially even …
