- DefCamp– def.campResources
- McAfee Virus Scan for Linux – state.actor
A system running Intel’s McAfee VirusScan Enterprise for Linux can be compromised by remote
attackers due to a number of security vulnerabilities. Some of these vulnerabilities can be chained
together to allow remote code execution as root.
- Practical Reverse Engineering Part 5 – Digging Through the Firmware – jcjc-dev.com
In part 4 we extracted the entire firmware from the router and decompressed it. As I explained then,
you can often get most of the firmware directly from the manufacturer’s website: Firmware upgrade
binaries often contain partial or entire filesystems, or even entire firmwares.
- XNU kernel UaF due to lack of locking in set_dp_control_port – bugs.chromium.org
set_dp_control_port is a MIG method on the host_priv_port so this bug is a root->kernel escalation.
- macOS FileVault2 Password Retrieval – blog.frizk.net
macOS FileVault2 let attackers with physical access retrieve the password in clear text by plugging in
a $300 Thunderbolt device into a locked or sleeping mac. The password may be used to unlock the
mac to access everything on it.
- Bluetooth-enabled safe lock popped after attackers win PINs – theregister.co.uk
Attackers can locate and pop safes protected with high security commercial locks thanks to poor
Bluetooth implementations, say researchers at Somerset Recon say.
- 0day drive-by exploit against Fedora
If you run a mainstream distribution of Linux on a desktop computer, there’s a good chance security
researcher Chris Evans can hijack it when you do nothing more than open or even browse a specially
crafted music file. And in the event you’re running Chrome on the just-released Fedora 25, his code-execution attack works as a classic drive-by.
- 0-days hitting Fedora and Ubuntu open desktops to a world of hurt – arstechnica.com
- Redux: compromising Linux using… SNES Ricoh 5A22 processor opcodes?!– scarybeastsecurity.blogspot.com
FBI Arrests Customer of Xtreme Stresser DDoS-for-Hire Service – bleepingcomputer.com
- The FBI arrested this past week Sean Krishanmakoto Sharma, 26, from La Canada, California, for
launching DDoS attacks against Chatango, an online chat service.