- AppSec EU 2017 – www.youtube.com
- ICS/SCADA Systems for Penetration Testers: A Typical Engagement – blog.gdssecurity.com
It’s no secret that the devices that comprise process control systems are generally vulnerable to attack. This point has been made through endless research and has even been the subject of countless talks and trainings.
- Secure iOS application development – github.com
This guide is a collection of the most common vulnerabilities found in iOS applications. The focus is on vulnerabilities in the applications’ code and only marginally covers general iOS system security, Darwin security, C/ObjC/C++ memory safety, or high-level application security.
- Reliable discovery and exploitation of Java deserialization vulnerabilities – techblog.mediaservice.net
Java deserialization vulnerabilities were discovered and disclosed in January 2015 by Gabriel Lawrence and Chris Frohoff. These serious vulnerabilities arise from the way in which Java deserializes serialized objects.
Developers of Samba disclosed a critical vulnerability that affects the file sharing component. Samba is a suite of tools that helps in the interoperability between UNIX with Microsoft Windows. The vulnerable component is the daemon that offers file sharing capabilities.
- Critical Vulnerability in Samba from 3.5.0 onwards – isc.sans.ed
- SambaCry – github.com
While EternalBlue was making all the headlines, we also landed an exploit module for the IIS ScStoragePathFromUrl bug (CVE-2017-7269) for Windows 2003 from the same dump. T
- ‘Thousands’ of known bugs found in pacemaker code – www.bbc.com
Pacemakers, insulin pumps and other devices in hospitals harbour security problems that leave them vulnerable to attack, two separate studies warn.