New Chrome 0-day Under Active Attacks – Update Your Browser Now
If you are using Google Chrome, update it ASAP, a zero-day was found in the Freetype library. CVE Related CVE-2020-15999.
French IT outsourcer Sopra Steria hit by ‘cyberattack’, Ryuk ransomware suspected
Huge attack on a French IT company with active directory pwnage. If even those companies are not safe, it is a sad news for all the others not having a team focusing on this topic.
UK’s COVID-19 app security bug fix process
Nice article explaining how the COVID-19 app team managed to mitigate a security issue reported in their app. Interesting to see that this priority was clearly set, I don’t see it often…
Other news/tools I found interesting and want to follow:
- https://github.com/bunkerity/bunkerized-nginx hardened NGINX
- https://www.forbes.com/sites/kateoflahertyuk/2020/10/24/4-things-to-know-about-password-security Another post about how important different password per services are (use password manager!)
- https://catharsis.net.au/blog/basic-buffer-overflow-guide/ Nice introduction to buffer overflow and how to use it (to keep for CTF 🙂 )
- https://www.youtube.com/watch?v=NuRWqkTJg9U&feature=youtu.be some Mr Robot hack explained, nice for non-tech wanting to check the show credibility