From Security Weekly WikiJump to navigationJump to search
- DIY: Hunting Azure Shadow Admins Like Never Before
- Bitdefender Releases Landmark Open Source Software project - Hypervisor-based Memory Introspection - Interesting: using APIs within hypervisors – based on CPU instructions - to gain access to raw memory events within running virtual machines and apply security logic by taking advantage of the role of hypervisors in the workload stack to stop attacks.
- Companies Respond to 'BootHole' Vulnerability - The vulnerability is a buffer overflow related to how GRUB2 parses its grub.cfg configuration file. An attacker with admin privileges on the targeted system can modify this file so that their malicious code is executed in the UEFI environment before the OS is loaded.
- Bug in widely used bootloader opens Windows, Linux devices to persistent compromise - Help Net Security
- Vulnerability Allowed Brute-Forcing Passwords of Private Zoom Meetings
- GNU GRUB2 Vulnerability - Original research from Eclypsium: https://eclypsium.com/wp-content/uploads/2020/07/Theres-a-Hole-in-the-Boot.pdf
- Python Developers: Prepare!!! - People all for sudden forgot that preparing SQL statements is a thing. I think the problem is in part that Python makes it so easy to mix up prepared/not-prepared. I think an ORM helps A TON with these types of problems.
- Offensive Security Acquires Cybersecurity Training Project VulnHub
- 11 Tips And Tricks To Write Better Python Code
- Source code from 50+ companies, including Nintendo, Microsoft and Adobe, published online - The published code from Nintendo is gaining much of the attention online because it gives an inside look at the source code behind a range of classic games including Mario, Mario Kart, Zelda, F-Zero and Pokemon series. The Nintendo code also includes pre-release art, fully playable prototypes of some games and even references to projects that were never completed. Looks like poor source code version/repo controls.
- The Age of Mass Surveillance Will Not Last Forever
- BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10
- Hackers Broke Into Real News Sites to Plant Fake Stories
- New tool detects shadow admin accounts in AWS and Azure environments
- The Garmin Ransomware Hack Is Horrifying
- New Features in Python 3.9