Säkerhetspodcasten avs.88 - Ostrukturerat V.10

Lyssna

iTunes | mp3

Innehåll

Plugs plugs plugs! Och lite nyheter. Vault7, Cloudbleed, Struts - återkomsten, och mycket mer!

Inspelat: 2017-03-09. Längd: 00:50:15.

Länkar

Plugs

• Spring PUB SEC-T 28-April

• Säkerhetssnack http://fsecure.libsyn.com/website?utm_source=listennotes.com&utm_campaign=Listen+Notes&utm_medium=website

• SecurityFest https://securityfest.com/

• TÄVLINGEN

• http://insightevents.se/events/scada/

• SecuriTea http://foocafe.org/malmoe/events/1415-the-future-is-now-some-thoughts-on-the-business-of-security

• Jesper Cyberattack hur cybersäkrar jag mitt inbyggda system http://nohau.se/events/cyberattacker-hur-cybersakrar-jag-mitt-inbyggda-system/

• Kryptera https://kryptera.se/

Nyheter

:

• Vault7 https://en.wikipedia.org/wiki/Vault_7

• SHA-1 https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

• BitErrant http://www.securitynewspaper.com/2017/03/06/biterrant-attack/

• Struts https://struts.apache.org/docs/s2-045.html https://github.com/rapid7/metasploit-framework/issues/8064

• Cloudbleed https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

• Drupal 7.x Services module unserialize() to RCE https://www.ambionics.io/blog/drupal-services-module-rce

• Zero days: fulländat proffs exploit tar 22 dagar att utveckla efter sårbarhet hittad. 6.9 år lever en zero dat. I en zeroday stockpile bränns 6% exploits per år http://www.rand.org/pubs/research_reports/RR1751.html

• JTAG debug via USB3 ?!?  http://conference.hitb.org/hitbsecconf2017ams/sessions/commsec-intel-dci-secrets/  http://blog.asset-intertech.com/test_data_out/2016/04/new-closed-chassis-controller-gives-sourcepoint-quick-access-for-software-debug-on-intel-platforms-w.html