Show Notes

26 - Return of the Zombieload, Bezos Hacked, and other exploits

00:01:41
Pwn2Own Miami 2020
00:06:41
Allegations that Saudi Crown Prince involved in hacking of Jeff Bezos’ phone
Additional Links: https://twitter.com/dinodaizovi/status/1221324029841244161
00:11:33
Chris Rohlf on Twitter: "...Mobile security was largely a success relative to the state of the desktop..."
00:25:57
More MDS Attacks: Intel Patching its Patch of the Patch for MDS/ZombieLoad Attacks
Additional Links: https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/#gs.upv68b
00:31:42
MDHex Vulnerabilities
00:43:04
JSSE Client Authentication Bypass (CVE-2020-2655)
00:55:46
Local Privilege Escalation in many Ricoh Printer Drivers for Windows (CVE-2019-19363)
00:58:42
ModSecurity Denial of Service (CVE-2019-19886)
01:02:56
GGvulnz - How I hacked hundreds of companies through Google Groups
01:09:23
Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption (CVE-2020-6857)
01:14:48
arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault - Patchwork
01:19:02
Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability (CVE-2020-3142)
01:21:43
iGPU Leak: An Information Leakage Vulnerability on Intel Integrated GPU (CVE-2019-14615)
Additional Links: https://github.com/HE-Wenjian/iGPU-Leak/blob/master/iGPU-Leak_Slides.pdf
01:28:50
Information Leaks via Safari's Intelligent Tracking Prevention
01:39:11
GhostImage: Perception Domain Attacks against Vision-based Object Classification Systems
01:44:55
Nightmare - A collection of binary exploitation / reverse engineering challenges and writeups
01:49:35
The Life of a Bad Security Fix
01:51:31
macOS/iOS: ImageIO: heap corruption when processing malformed TIFF image