Daily NCSC-FI news followup 2020-09-13

BLINDSIDE – A Speculative Execution Attack

www.vusec.net/projects/blindside/ BlindSide allows attackers to hack blind in the Spectre era. That is, given a simple buffer overflow in the kernel and no additional info leak vulnerability, BlindSide can mount BROP-style attacks in the speculative execution domain to repeatedly probe and derandomize the kernel address space, craft arbitrary memory read gadgets, and enable reliable exploitation.. POC video https://www.youtube.com/watch?v=m-FUIZiRN5o. whitepaper

download.vusec.net/papers/blindside_ccs20.pdf

Leaky server exposes users of dating site network

www.zdnet.com/article/leaky-server-exposes-users-of-dating-site-network/ Personal details of hundreds of thousands of dating site users were temporarily exposed online earlier this month.

How to enable DNS-over-HTTPS (DoH) on Windows

www.bleepingcomputer.com/news/microsoft/how-to-enable-dns-over-https-doh-on-windows/ DNS-over-HTTPS (DoH) allows DNS resolution to be performed via the HTTPS protocol rather than through the normal plain text DNS lookups.

You might be interested in …

Daily NCSC-FI news followup 2020-06-28

Journalist’s phone hacked by new invisible’ technique: All he had to do was visit one website. Any website www.thestar.com/news/canada/2020/06/21/journalists-phone-hacked-by-new-invisible-technique-all-he-had-to-do-was-visit-one-website-any-website.html The white iPhone with chipped paint that Moroccan journalist Omar Radi used to stay in contact with his sources also allowed his government to spy on him. Microsoft quietly created a Windows 10 File Recovery tool, […]

Read More

Daily NCSC-FI news followup 2019-08-27

US GOV: DHS stored data from bioterrorism defense on an insecure website for a decade www.latimes.com/science/sciencenow/la-sci-biowatch-20190402-story.html Nato: a serious cyberattack could trigger Article 5 of our founding treaty. www.prospectmagazine.co.uk/world/nato-will-defend-itself We have designated cyberspace a domain in which Nato will operate and defend itself as effectively as it does in the air, on land, and at […]

Read More

Daily NCSC-FI news followup 2020-02-06

Protecting users from insecure downloads in Google Chrome security.googleblog.com/2020/02/protecting-users-from-insecure_6.html Today were announcing that Chrome will gradually ensure that secure (HTTPS) pages only download secure files. In a series of steps outlined below, well start blocking “mixed content downloads” (non-HTTPS downloads started on secure pages). This move follows a plan we announced last year to start […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.