SolarStorm Timeline: Details of the Software Supply-Chain Attack

The SolarStorm timeline summarized here is based on the information available to us and our direct experience defending against this threat.

unit42.paloaltonetworks.com

Muirey03(@Muirey03) 님 | 트위터

@Muirey03 님 언뮤트하기 @Muirey03 님 뮤트하기 팔로우 @Muirey03 님 팔로우하기 팔로잉 @Muirey03 님 팔로우 중 언팔로우 @Muirey03 님 언팔로우하기 차단됨 @Muirey03 님이 차단됨 차단 해제 @Muirey03님 차단 해

mobile.twitter.com

SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

Critical flaws re-enabled DNS cache poisoning attack on Linux, Windows, macOS, and FreeBSD.

thehackernews.com

(영상) 테슬라 모델X 전자 제어 장치 몇 분만에 해킹 - 데일리시큐

“우리는 테슬라 모델X의 열쇠 고리를 무선으로 손상시키고 이를 완전히 제어할 수 있었다. 이후 유효한 잠금 해제 메시지를 얻어 차의 잠금 장치를 풀 수 있었다.”테슬라 모델X의 전자 제어 장

www.dailysecu.com

Credit card skimmer fills fake PayPal forms with stolen order info

A newly discovered credit card skimmer uses an innovative technique to inject highly convincing PayPal iframes and hijack the checkout process on compromised online stores.

www.bleepingcomputer.com

Lazarus supply‑chain attack in South Korea | WeLiveSecurity

ESET research uncovers attempts to deploy Lazarus malware via a supply-chain attack that abuses genuine security software and stolen digital certificates.

www.welivesecurity.com

Researchers Public PoC for Docker Container Escape Bug

Researchers Public PoC for Docker Container Escape Bug. Flaw is patched in Docker version 19.03.1

www.infosecurity-magazine.com

CVE - CVE-2019-14271

20190725 Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

cve.mitre.org

Breaking out of Docker via runC – Explaining CVE-2019-5736

Last week (2019-02-11) a new vulnerability in runC was reported by its maintainers, originally found by Adam Iwaniuk and Borys Poplawski. Dubbed CVE-2019-5736, it affects Docker containers running in default settings and can be used by an attacker to gain

unit42.paloaltonetworks.com

Bad Binder: Android In-The-Wild Exploit

Posted by Maddie Stone, Project Zero Introduction On October 3, 2019, we disclosed issue 1942 (CVE-2019-2215), which is a use-afte...

googleprojectzero.blogspot.com

1942 - project-zero - Project Zero - Monorail

bugs.chromium.org

[root@e13olf]# : i0t-pr0be - IoT Device Search & Default Credential Scanner

A Python 3 script to automate search via Shodan, save IoT device query results and also scan for their respective default credentials. The script utilizes two main APIs; Shodan & Python Selenium. Shodan Shodan membership allows you to get 100 query credits

www.e13olf.me

e13olf/i0t-pr0be

IoT device search and default credential scanner. Contribute to e13olf/i0t-pr0be development by creating an account on GitHub.

github.com

mozilla/geckodriver

WebDriver for Firefox. Contribute to mozilla/geckodriver development by creating an account on GitHub.

github.com

(CVE-2019-1356) Microsoft Edge - Local File Disclosure and Elevation of Privilege

Microsoft Edge - Local File Disclosure and EoP In this write up, I will be covering multiple bugs in the Edge (EdgeHTML) browser. The combination of these bugs will result in two distinct attacks, one being a local file disclosure and the other is an eleva

leucosite.com