Events Related

  • Pwn2Own 2016: Hackers Earn $460,000 for 21 New Flaws – securityweek.com
    On the first day, contestants earned $282,500 for vulnerabilities in Safari, Flash Player, Chrome, Windows and OS X. On the second day, Tencent Security Team Sniper took the lead after demonstrating a successful root-level code execution exploit in Safari via a use-after-free flaw in Safari and an out-of-bounds issue in Mac OS X.

Resources

Tools

  • Nmap 7.10 released – nmap.org
    I’m pleased to announce the release of Nmap 7.10 with many great improvements! It’s got 12 new NSE scripts, hundreds of new OS/version fingerprints, and dozens of smaller improvements and bug fixes. And that’s not even counting the changes in Nmap 7.01, which we released in December but I never got around to announcing because I suck at marketing.
  • rop_compiler – github.com
    This repository contains my attempts at making a useful, open source, multi-architecture ROP compiler.

Vulnerabilities

  • Once thought safe, DDR4 memory shown to be vulnerable to “Rowhammer” – arstechnica.com
    The paper, titled How Rowhammer Could Be Used to Exploit Weaknesses in Computer Hardware, arrived at that conclusion by testing the integrity of dual in-line memory modules, or DIMMs, using diagnostic techniques that hadn’t previously been applied to finding the vulnerability.

Other News

  • TP-Link blocks open source router firmware to comply with new FCC rule – news.ycombinator.com