New Chrome 0-day Under Active Attacks – Update Your Browser Now
If you are using Google Chrome, update it ASAP, a zero-day was found in the Freetype library. CVE Related CVE-2020-15999.
Source: https://thehackernews.com/2020/10/chrome-zeroday-attacks.html
French IT outsourcer Sopra Steria hit by ‘cyberattack’, Ryuk ransomware suspected
Huge attack on a French IT company with active directory pwnage. If even those companies are not safe, it is a sad news for all the others not having a team focusing on this topic.
Source: https://securityaffairs.co/wordpress/109917/cyber-crime/sopra-steria-ryuk-ransomware.html
UK’s COVID-19 app security bug fix process
Nice article explaining how the COVID-19 app team managed to mitigate a security issue reported in their app. Interesting to see that this priority was clearly set, I don’t see it often…
Source: https://www.ncsc.gov.uk/blog-post/bugs-happen-be-ready-to-fix-them
Other news/tools I found interesting and want to follow:
- https://github.com/bunkerity/bunkerized-nginx hardened NGINX
- https://www.forbes.com/sites/kateoflahertyuk/2020/10/24/4-things-to-know-about-password-security Another post about how important different password per services are (use password manager!)
- https://catharsis.net.au/blog/basic-buffer-overflow-guide/ Nice introduction to buffer overflow and how to use it (to keep for CTF 🙂 )
- https://www.youtube.com/watch?v=NuRWqkTJg9U&feature=youtu.be some Mr Robot hack explained, nice for non-tech wanting to check the show credibility
Leave a Reply