Daily NCSC-FI news followup 2020-09-13

BLINDSIDE – A Speculative Execution Attack

www.vusec.net/projects/blindside/ BlindSide allows attackers to hack blind in the Spectre era. That is, given a simple buffer overflow in the kernel and no additional info leak vulnerability, BlindSide can mount BROP-style attacks in the speculative execution domain to repeatedly probe and derandomize the kernel address space, craft arbitrary memory read gadgets, and enable reliable exploitation.. POC video https://www.youtube.com/watch?v=m-FUIZiRN5o. whitepaper

download.vusec.net/papers/blindside_ccs20.pdf

Leaky server exposes users of dating site network

www.zdnet.com/article/leaky-server-exposes-users-of-dating-site-network/ Personal details of hundreds of thousands of dating site users were temporarily exposed online earlier this month.

How to enable DNS-over-HTTPS (DoH) on Windows

www.bleepingcomputer.com/news/microsoft/how-to-enable-dns-over-https-doh-on-windows/ DNS-over-HTTPS (DoH) allows DNS resolution to be performed via the HTTPS protocol rather than through the normal plain text DNS lookups.

You might be interested in …

Daily NCSC-FI news followup 2019-07-04

Sodinokibi ransomware is now using a former Windows zero-day www.zdnet.com/article/sodinokibi-ransomware-is-now-using-a-former-windows-zero-day/ A ransomware strain named Sodinokibi (also Sodin or REvil) is using a former Windows zero-day vulnerability to elevate itself to admin access on infected hosts.. see also securelist.com/sodin-ransomware/91473/ Sodin ransomware enters through MSPs www.kaspersky.com/blog/sodin-msp-ransomware/27530/ At the end of March, when we wrote about a GandCrab […]

Read More

Daily NCSC-FI news followup 2019-09-24

New NetWire RAT Variant Being Spread Via Phishing www.fortinet.com/blog/threat-research/new-netwire-rat-variant-spread-by-phishing.html NetWire is a Remote Access Trojan (RAT) malware that has been widely used for many years. Recently, FortiGuard Labs noticed a malware spreading via phishing email, and during the analysis on it, we discovered that it was a new variant of NetWire RAT. LookBack Forges Ahead: […]

Read More

Daily NCSC-FI news followup 2019-11-11

Threat Alert: TCP Reflection Attacks blog.radware.com/security/2019/11/threat-alert-tcp-reflection-attacks/ Independent research in the behavior of a multitude of systems and devices on the internet exposed more than 4.8 million devices vulnerable to an average amplification factor of 112x and thousands of hosts that could be abused for amplification up to a factor of almost 80,000x, respectively, reflect more […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.