This Week in Security – Page 2 – WindowsTechs.com

This Week in Security: Broken Shims, LassPass, and Toothbrushes?

Posted on February 9, 2024 by Jonathan Bennett

Linux has a shim problem. Which naturally leads to a reasonable question: What’s a shim, and why do we need it? The answer: Making Linux work wit Secure Boot, and …read more Continue reading This Week in Security: Broken Shims, LassPass, and Toothbrushes?→

This Week in Security: Glibc, Ivanti, Jenkins, and Runc

Posted on February 2, 2024 by Jonathan Bennett

There’s a fun buffer overflow problem in the Glibc __vsyslog_internal() function. This one’s a real rollercoaster, because logging vulnerabilities are always scary, but at a first look, it seems nearly …read more Continue reading This Week in Security: Glibc, Ivanti, Jenkins, and Runc→

This Week in Security: MOAB, Microsoft, and Printers

Posted on January 26, 2024 by Jonathan Bennett

This week, news has broken of the Mother of All Breaches, MOAB. It’s 12 terabytes and 26 billion records, averaging about 500 bytes each. Now note that a record here …read more Continue reading This Week in Security: MOAB, Microsoft, and Printers→

This Week in Security: Gitlab, VMware, and PixeFAIL

Posted on January 19, 2024 by Jonathan Bennett

There’s a Gitlab vulnerability that you should probably pay attention to. Tracked as CVE-2023-7028, this issue allows an attacker to specify a secondary email during a the password reset request. …read more Continue reading This Week in Security: Gitlab, VMware, and PixeFAIL→

This Week in Security: AI is Terrible, Ransomware Wrenches, and Airdrop

Posted on January 12, 2024 by Jonathan Bennett

So first off, go take a look at this curl bug report. It’s a 8.6 severity security problem, a buffer overflow in websockets. Potentially a really bad one. But, it’s …read more Continue reading This Week in Security: AI is Terrible, Ransomware Wrenches, and Airdrop→

This Week in Security: Bitwarden, Reverse RDP, and Snake

Posted on January 5, 2024 by Jonathan Bennett

This week, we finally get the inside scoops on some old stories, starting with the Bitwarden Windows Hello problem from last year. You may remember, Bitwarden has an option to …read more Continue reading This Week in Security: Bitwarden, Reverse RDP, and Snake→

This Week in Security: Triangulation, ProxyCommand, and Barracuda

Posted on December 29, 2023 by Jonathan Bennett

It’s not every day we get to take a good look inside a high-level exploit chain developed by an unnamed APT from the western world. But thanks to some particularly …read more Continue reading This Week in Security: Triangulation, ProxyCommand, and Barracuda→

This Week in Security: Not a Vulnerability, BGP Bug Propogation, and Press Enter to Hack

Posted on September 1, 2023 by Jonathan Bennett

Curl was recently notified of a CVE, CVE-2020-19909, rated at a hair-raising 9.8 on the CVSS scale. And PostgreSQL has CVE-2020-21469, clocking in with a 7.5 severity. You may notice …read more Continue reading This Week in Security: Not a Vulnerability, BGP Bug Propogation, and Press Enter to Hack→

This Week in Security: TunnelCrack, Mutant, and Not Discord

Posted on August 18, 2023 by Jonathan Bennett

Up first is a clever attack against VPNs, using some clever DNS and routing tricks. The technique is known as TunnelCrack (PDF), and every VPN tested was vulnerable to one …read more Continue reading This Week in Security: TunnelCrack, Mutant, and Not Discord→

This Week in Security: It’s Con Season

Posted on August 11, 2023 by Jonathan Bennett

It must be Blackhat/DEFCON season. Up first in the storm of named vulnerabilities, we have Downfall. The PDF has the juicy details here. It’s quite similar to the Zenbleed issue …read more Continue reading This Week in Security: It’s Con Season→