Difference between revisions of "Template:PSW645NewsPaul Asadoorian"

From Security Weekly Wiki
(Added With Paul's Craptastic Python Script)
 
Line 1: Line 1:
#[https://www.cvedetails.com/vulnerability-list.php?vendor_id=2302&product_id=4023&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=1&trc=16&sha=aac675f79ae1ea63f47056841b8c9baeb63abb46 Skype Technologies Skype : List of security vulnerabilities]
+
== Zoom Stories ==
#[https://www.cvedetails.com/vulnerability-list.php?vendor_id=2159&product_id=0&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=1&trc=5&sha=eaf4b6819a7038a4bf199a982e6e9fcd75be320f Zoom : Security vulnerabilities]
 
#[https://www.cvedetails.com/vulnerability-list.php?vendor_id=16&product_id=18500&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=1&trc=9&sha=533920763770262da6ce4a98755b003a3138081f Cisco Webex : List of security vulnerabilities]
 
#[https://www.cvedetails.com/vulnerability-list.php?vendor_id=8920&product_id=18729&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=1&trc=3&sha=47717456ff7257c33b9762aa65d25ac65ad96762 Skype Skype : List of security vulnerabilities]
 
#[https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&product_id=35646&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=1&trc=6&sha=28ea2de57a8e8bc4ea4a2e30e6ffd7bb1f7eaa20 Microsoft Skype : List of security vulnerabilities]
 
 
#[https://threatpost.com/two-zoom-zero-day-flaws-uncovered/154337/ Two Zoom Zero-Day Flaws Uncovered]
 
#[https://threatpost.com/two-zoom-zero-day-flaws-uncovered/154337/ Two Zoom Zero-Day Flaws Uncovered]
 
#[https://www.securityweek.com/trojanized-zoom-apps-target-work-home-android-users Trojanized Zoom Apps Target Remote Workers | SecurityWeek.Com]
 
#[https://www.securityweek.com/trojanized-zoom-apps-target-work-home-android-users Trojanized Zoom Apps Target Remote Workers | SecurityWeek.Com]
#[https://www.schneier.com/blog/archives/2020/04/marriott_was_ha.html Marriott Was Hacked -- Again - Schneier on Security]
 
 
#[https://threatpost.com/zoom-removes-data-mining-linkedin-feature/154404/ Zoom Removes Data-Mining LinkedIn Feature]
 
#[https://threatpost.com/zoom-removes-data-mining-linkedin-feature/154404/ Zoom Removes Data-Mining LinkedIn Feature]
 
#[https://krebsonsecurity.com/2020/04/war-dialing-tool-exposes-zooms-password-problems/ War Dialing Tool Exposes Zooms Password Problems  Krebs on Security]
 
#[https://krebsonsecurity.com/2020/04/war-dialing-tool-exposes-zooms-password-problems/ War Dialing Tool Exposes Zooms Password Problems  Krebs on Security]
 
#[https://github.com/danigargu/CVE-2020-0796 CVE-2020-0796]
 
#[https://github.com/danigargu/CVE-2020-0796 CVE-2020-0796]
#[https://blog.forallsecure.com/uncovering-openwrt-remote-code-execution-cve-2020-7982 Uncovering OpenWRT remote code execution (CVE-2020-7982)]
 
 
#[https://www.vmray.com/cyber-security-blog/zoom-macos-installer-analysis-good-apps-behaving-badly/ Good Apps Behaving Badly: Zoom macOS Installer - VMRay]
 
#[https://www.vmray.com/cyber-security-blog/zoom-macos-installer-analysis-good-apps-behaving-badly/ Good Apps Behaving Badly: Zoom macOS Installer - VMRay]
 
#[https://www.vice.com/en_ca/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account Zoom iOS App Sends Data to Facebook Even if You Dont Have a Facebook Account]
 
#[https://www.vice.com/en_ca/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account Zoom iOS App Sends Data to Facebook Even if You Dont Have a Facebook Account]
 
#[https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!]
 
#[https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!]
 +
#[https://github.com/jitsi/docker-jitsi-meet Jitsi Meet on Docker] - We are testing this here, but only because we can control the network flows, e.g. we can stand up servers and clients and have them connect directly rather than bouncing through other people's servers. I have not done a security assessment yet. It was not security that drove us to test it out, in fact, I am worried about how tightly maintained WE can keep it, vs. having an entire team like Zoom or Microsoft.
 +
 +
== Non-Zoom Stories ==
 +
 +
#[https://www.helpnetsecurity.com/2020/04/01/cve-2020-7982/ Millions of routers running OpenWRT vulnerable to attack]
 +
#[https://blog.forallsecure.com/uncovering-openwrt-remote-code-execution-cve-2020-7982 Uncovering OpenWRT remote code execution (CVE-2020-7982)]
 +
#[https://www.schneier.com/blog/archives/2020/04/marriott_was_ha.html Marriott Was Hacked -- Again - Schneier on Security]
 
#[https://techcrunch.com/2020/04/01/zoom-doom/ Ex-NSA hacker drops new zero-day doom for Zoom  TechCrunch]
 
#[https://techcrunch.com/2020/04/01/zoom-doom/ Ex-NSA hacker drops new zero-day doom for Zoom  TechCrunch]
#[https://www.helpnetsecurity.com/2020/04/01/cve-2020-7982/ Millions of routers running OpenWRT vulnerable to attack - Help Net Security]
 
#[https://github.com/jitsi/docker-jitsi-meet Jitsi Meet on Docker]
 
 
#[https://www.digitaltrends.com/computing/nvidia-ampere-gpu-could-destroy-xbox-series-x/ Nvidia's Next-Generation GPUs Could Destroy Xbox Series X If Leaks Are True | Digital Trends]
 
#[https://www.digitaltrends.com/computing/nvidia-ampere-gpu-could-destroy-xbox-series-x/ Nvidia's Next-Generation GPUs Could Destroy Xbox Series X If Leaks Are True | Digital Trends]
 +
 +
== Video Chat Client Vulnerability History ==
 +
 +
#[https://www.cvedetails.com/vulnerability-list.php?vendor_id=2302&product_id=4023&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=1&trc=16&sha=aac675f79ae1ea63f47056841b8c9baeb63abb46 Skype Technologies Skype : List of security vulnerabilities]
 +
#[https://www.cvedetails.com/vulnerability-list.php?vendor_id=2159&product_id=0&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=1&trc=5&sha=eaf4b6819a7038a4bf199a982e6e9fcd75be320f Zoom : Security vulnerabilities]
 +
#[https://www.cvedetails.com/vulnerability-list.php?vendor_id=16&product_id=18500&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=1&trc=9&sha=533920763770262da6ce4a98755b003a3138081f Cisco Webex : List of security vulnerabilities]
 +
#[https://www.cvedetails.com/vulnerability-list.php?vendor_id=8920&product_id=18729&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=1&trc=3&sha=47717456ff7257c33b9762aa65d25ac65ad96762 Skype Skype : List of security vulnerabilities]
 +
#[https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&product_id=35646&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=1&trc=6&sha=28ea2de57a8e8bc4ea4a2e30e6ffd7bb1f7eaa20 Microsoft Skype : List of security vulnerabilities]
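Review bot: two links look filed under the wrong heading in the new revision. The TechCrunch item "Ex-NSA hacker drops new zero-day doom for Zoom" sits under == Non-Zoom Stories == although its title is about Zoom, and the github.com/danigargu/CVE-2020-0796 link sits under == Zoom Stories == with nothing in its title or URL tying it to Zoom. Suggest swapping the two so the section headings match their contents. The cvedetails.com entries also carry only the raw query string as context; a short label per vendor would make the "Video Chat Client Vulnerability History" list easier to scan.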

Revision as of 21:25, 2 April 2020

Zoom Stories

  1. Two Zoom Zero-Day Flaws Uncovered
  2. Trojanized Zoom Apps Target Remote Workers | SecurityWeek.Com
  3. Zoom Removes Data-Mining LinkedIn Feature
  4. War Dialing Tool Exposes Zoom's Password Problems - Krebs on Security
  5. CVE-2020-0796
  6. Good Apps Behaving Badly: Zoom macOS Installer - VMRay
  7. Zoom iOS App Sends Data to Facebook Even if You Don't Have a Facebook Account
  8. Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
  9. Jitsi Meet on Docker - We are testing this here, but only because we can control the network flows, e.g. we can stand up servers and clients and have them connect directly rather than bouncing through other people's servers. I have not done a security assessment yet. It was not security that drove us to test it out; in fact, I am worried about how tightly maintained WE can keep it, vs. having an entire team like Zoom or Microsoft.

Non-Zoom Stories

  1. Millions of routers running OpenWRT vulnerable to attack
  2. Uncovering OpenWRT remote code execution (CVE-2020-7982)
  3. Marriott Was Hacked -- Again - Schneier on Security
  4. Ex-NSA hacker drops new zero-day doom for Zoom - TechCrunch
  5. Nvidia's Next-Generation GPUs Could Destroy Xbox Series X If Leaks Are True | Digital Trends

Video Chat Client Vulnerability History

  1. Skype Technologies Skype : List of security vulnerabilities
  2. Zoom : Security vulnerabilities
  3. Cisco Webex : List of security vulnerabilities
  4. Skype Skype : List of security vulnerabilities
  5. Microsoft Skype : List of security vulnerabilities