Events Related DefCamp– def.campResources McAfee Virus Scan for Linux – state.actor A system running Intel’s McAfee VirusScan Enterprise for Linux can be compromised by remote attackers due to a number of security vulnerabilities. Some of these vulnerabilities can be chained together to allow remote code execution as root. Techniques Practical Reverse Engineering Part 5 – Digging Through the Firmware – jcjc-dev.com In part 4 we extracted the entire firmware from the router and decompressed it. As I explained then, you can often get most of the firmware directly from the manufacturer’s website: Firmware upgrade binaries often contain partial or entire filesystems, or even entire firmwares. XNU kernel UaF due to lack of locking in set_dp_control_port – bugs.chromium.org set_dp_control_port is a MIG method on the host_priv_port so this bug is a root->kernel escalation. macOS FileVault2 Password Retrieval – blog.frizk.net macOS FileVault2 let attackers with physical access retrieve the password in clear text by plugging in a $300 Thunderbolt device into a locked or sleeping mac. The password may be used to unlock the mac to access everything on it. Vulnerabilities Bluetooth-enabled safe lock popped after attackers win PINs – theregister.co.uk Attackers can locate and pop safes protected with high security commercial locks thanks to poor Bluetooth implementations, say researchers at Somerset Recon say. 0day drive-by exploit against Fedora If you run a mainstream distribution of Linux on a desktop computer, there’s a good chance security researcher Chris Evans can hijack it when you do nothing more than open or even browse a specially crafted music file. And in the event you’re running Chrome on the just-released Fedora 25, his code-execution attack works as a classic drive-by. 0-days hitting Fedora and Ubuntu open desktops to a world of hurt – arstechnica.com Redux: compromising Linux using… SNES Ricoh 5A22 processor opcodes?!– scarybeastsecurity.blogspot.com Other News FBI Arrests Customer of Xtreme Stresser DDoS-for-Hire Service – bleepingcomputer.com The FBI arrested this past week Sean Krishanmakoto Sharma, 26, from La Canada, California, for launching DDoS attacks against Chatango, an online chat service.
The post Week 51 In Review – 2016 appeared first on Infosec Events.
from Week 51 In Review – 2016
No comments:
Post a Comment