Changes

From Security Weekly Wiki
Jump to navigationJump to search
#[https://arstechnica.com/information-technology/2020/11/researchers-find-way-to-revive-kaminskys-2008-dns-cache-poisoning-attack/ DNS cache poisoning, the Internet attack from 2008, is back from the dead] - ''The researchers’ paper, DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels, provides a far more detailed and technical description of the attack. They call the attack SAD DNS short for Side channel AttackeD DNS. The researchers privately provided their findings to DNS providers and software developers. In response, Linux kernel developers introduced a change that causes the rate limit to randomly fluctuate between 500 and 2,000 per second. Professor Qian said the fix prevents the new technique from working. Cloudflare introduced a fix of its own. In certain cases, its DNS service will fall back to TCP, which is much more difficult to spoof.''
#[https://www.zdnet.com/article/google-patches-two-more-chrome-zero-days/ Google patches two more Chrome zero-days] - Anonymous, riiiiight: ''These two bugs mark the fourth and fifth zero-days that Google has patched in Chrome over the past three weeks. The difference this time is that while the first three zero-days were discovered internally by Google security researchers, these two new zero-days came to Google's attention after tips from anonymous sources.'' Two new ones: ''CVE-2020-16013 - Described as an "inappropriate implementation in V8," where V8 is the Chrome component that handles JavaScript code. CVE-2020-16017 - Described as a "use after free" memory corruption bug in Site Isolation, the Chrome component that isolates each site's data from one another.'' Some folks have been reading: https://i.blackhat.com/USA-20/Wednesday/us-20-Park-NoJITsu-Locking-Down-JavaScript-Engines.pdf
#[https://www.securityweek.com/term-threat-intelligence-poisoned-it-does-not-mean-what-you-think-it-means The Term "Threat Intelligence" is Poisoned. It Does Not Mean What You Think it Means. | SecurityWeek] - You only really have to read this part: ''So, let’s start with Gartner’s definition of threat intelligence and go from there: “Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and action-oriented advice about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.” However, many equate this definition to external sources of threat data only. The assumption and filter is that threat intelligence equals external threat data. But what about internal data – the telemetry, content and data created by each layer in our security architecture which, by the way, is free? Re-read the Gartner definition.Com]It does not talk about external or internal data in the definition, instead focusing on knowledge and context.''
#[https://threatpost.com/bugs-critical-infrastructure-gear-attacks/161164/ Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks]
#[https://akijosberryblog.wordpress.com/2020/11/08/yantra-manav-a-wormable-ssh-bot/ Yantra Manav A wormable SSH bot]
7,886

edits

Navigation menu