Changes

From Security Weekly Wiki
Jump to navigationJump to search
no edit summary
#[http://exploit.kitploit.com/2020/11/rapid7-metasploit-framework-msfvenom.html Rapid7 Metasploit Framework msfvenom APK Template Command Injection] - Irony: ''This Metasploit module exploits a command injection vulnerability in Metasploit Framework's msfvenom payload generator when using a crafted APK file as an Android payload template. Affected includes Metasploit Framework versions 6.0.11 and below and Metasploit Pro versions 4.18.0 and below.''
#[https://medium.com/@andrewselig/the-sad-state-of-two-factor-authentication-in-u-s-banking-580b109fa2f3 The Sad State of Two-Factor Authentication in U.S. Banking] - Neat site: https://twofactorauth.org/ (List of websites and whether or not they support 2FA.)
#[https://medium.com/oreillymedia/container-security-threats-38649261fb4f Container Security Threats]- Good high-level article. There is this: ''Least privilege: You can give different containers different sets of privileges, each minimized to the smallest set of permissions it needs to fulfill its function.'' There is a lot to unpack in that one sentence as there are many sets of privileges (the container user, file system permission, capabilities, AppArmor, Seccomp, etc...).
#[https://www.schneier.com/blog/archives/2020/11/the-security-failures-of-online-exam-proctoring.html The Security Failures of Online Exam Proctoring - Schneier on Security]
#[https://arstechnica.com/information-technology/2020/11/researchers-find-way-to-revive-kaminskys-2008-dns-cache-poisoning-attack/ DNS cache poisoning, the Internet attack from 2008, is back from the dead]
7,886

edits

Navigation menu