From Security Weekly Wiki
Jump to navigationJump to search
no edit summary
#[ Rapid7 Metasploit Framework msfvenom APK Template Command Injection] - Irony: ''This Metasploit module exploits a command injection vulnerability in Metasploit Framework's msfvenom payload generator when using a crafted APK file as an Android payload template. Affected includes Metasploit Framework versions 6.0.11 and below and Metasploit Pro versions 4.18.0 and below.''
#[ The Sad State of Two-Factor Authentication in U.S. Banking] - Neat site: (List of websites and whether or not they support 2FA.)
#[ Container Security Threats]- Good high-level article. There is this: ''Least privilege: You can give different containers different sets of privileges, each minimized to the smallest set of permissions it needs to fulfill its function.'' There is a lot to unpack in that one sentence as there are many sets of privileges (the container user, file system permission, capabilities, AppArmor, Seccomp, etc...).
#[ The Security Failures of Online Exam Proctoring - Schneier on Security]
#[ DNS cache poisoning, the Internet attack from 2008, is back from the dead]


Navigation menu