From Security Weekly Wiki
Jump to navigationJump to search


  1. DIY: Hunting Azure Shadow Admins Like Never Before
  2. Bitdefender Releases Landmark Open Source Software project - Hypervisor-based Memory Introspection - Interesting: using APIs within hypervisors – based on CPU instructions - to gain access to raw memory events within running virtual machines and apply security logic by taking advantage of the role of hypervisors in the workload stack to stop attacks.
  3. CVE-2020-8163
  4. Companies Respond to 'BootHole' Vulnerability - The vulnerability is a buffer overflow related to how GRUB2 parses its grub.cfg configuration file. An attacker with admin privileges on the targeted system can modify this file so that their malicious code is executed in the UEFI environment before the OS is loaded.
  5. Bug in widely used bootloader opens Windows, Linux devices to persistent compromise - Help Net Security
  6. Vulnerability Allowed Brute-Forcing Passwords of Private Zoom Meetings
  7. GNU GRUB2 Vulnerability - Original research from Eclypsium: https://eclypsium.com/wp-content/uploads/2020/07/Theres-a-Hole-in-the-Boot.pdf
  8. Python Developers: Prepare!!! - People all for sudden forgot that preparing SQL statements is a thing. I think the problem is in part that Python makes it so easy to mix up prepared/not-prepared. I think an ORM helps A TON with these types of problems.
  9. Offensive Security Acquires Cybersecurity Training Project VulnHub
  10. 11 Tips And Tricks To Write Better Python Code
  11. Source code from 50+ companies, including Nintendo, Microsoft and Adobe, published online - The published code from Nintendo is gaining much of the attention online because it gives an inside look at the source code behind a range of classic games including Mario, Mario Kart, Zelda, F-Zero and Pokemon series. The Nintendo code also includes pre-release art, fully playable prototypes of some games and even references to projects that were never completed. Looks like poor source code version/repo controls.
  12. The Age of Mass Surveillance Will Not Last Forever
  13. BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10
  14. Hackers Broke Into Real News Sites to Plant Fake Stories
  15. New tool detects shadow admin accounts in AWS and Azure environments
  16. The Garmin Ransomware Hack Is Horrifying
  17. New Features in Python 3.9