recentpopularlog in

vulnerability

« earlier   
Strengths Become Vulnerabilities: How a Digital World Disadvantages the United States in Its International Relations - Lawfare
“[constituent] elements of U.S. society—a commitment to free speech, privacy and the rule of law; innovative technology firms; relatively unregulated markets; and deep digital sophistication—create asymmetric vulnerabilities that foreign adversaries, especially authoritarian ones, can exploit. These asymmetrical vulnerabilities might explain why the United States so often appears to be on the losing end of recent cyber operations and why U.S. attempts to develop and implement policies to enhance defense, resiliency, response or deterrence in the cyber realm have been ineffective.”
ruleoflaw  democracy  freespeech  vulnerability  via:bruceschneier  security 
yesterday by danhon
TLBleed - VUSec
Hyper-threading でサイドチャネル攻撃か。
cpu  vulnerability  security 
yesterday by summerwind
anchore/anchore-engine - Docker Hub
The Anchore Engine is an open source project that provides a centralized service for inspection, analysis and certification of container images.
docker  container  security  netsec  infosec  vulnerability  scanner 
11 days ago by agius
The Tale of SettingContent-ms Files – Posts By SpecterOps Team Members
This is why attackers have resorted to Object Linking and Embedding (OLE), ZIP files, etc. To combat the file delivery vector, Office 2016 introduced blocking all of the “dangerous” file formats from being embedded via OLE by default. This reduces the effectiveness of one of the most relied upon payload delivery methods

I stumbled across the “.SettingContent-ms” file type. This format was introduced in Windows 10 and allows a user to create “shortcuts” to various Windows 10 setting pages. These files are simply XML and contain paths to various Windows 10 settings binaries.

As you can see, with Office 2016’s OLE block rule and ASR’s Child Process Creation rule enabled, .SettingContent-ms files combined with “AppVLP.exe” in the Office folder allow us to circumvent these controls and execute arbitrary commands.

While Office documents are often marked with MOTW and are opened in the Protected View Sandbox, there are file formats that allow OLE and aren’t triggered by the Protected View sandbox. You can find more on that here.

6/4/2018: MSRC responded with a note that the severity of the issue is below the bar for servicing and that the case will be closed.
microsoft  office  vulnerability 
13 days ago by bwiese
Cisco Removes Backdoor Account, Fourth in the Last Four Months
Harcoded SNMP community string
This backdoor mechanism (CVE-2018-0329) was in the form of a hardcoded, read-only SNMP community string in the configuration file of the SNMP daemon.
cisco  vulnerability  cybersecurity  snmp 
13 days ago by bwiese
k'eguro on Twitter: "One of my favorite pieces of recent political writing Danai Mupotsa, "An open love letter to my comrade bae" https://t.co/JcDew7Wkzs"
"One of my favorite pieces of recent political writing

Danai Mupotsa, "An open love letter to my comrade bae"

https://www.thedailyvox.co.za/an-open-love-letter-to-my-comrade-bae-or-at-least-32-reasons-why-i-see-you/

I love the many ways this writing imagines being in struggle together. I love how it embodies those who dream and struggle.

I love the forms of labor it sees: the cooking, the cleaning, the dreaming, the screaming.

I love how it thinks about fear and vulnerability.

I love how it thinks about ordinary practices of care and pleasure. How it thinks about seeing and being seen."
danaimupotsa  keguromacharia  struggle  solidarity  cleaning  dreaming  cooking  vulnerability  pleasure  care  caring  caretaking  seeing  beingseen  being  togetherness  2018 
15 days ago by robertogreco

Copy this bookmark:





to read