The US has opted to make the first strike be cyber and not kinetic against Iran for shooting down an unmanned drone. This just goes to show you that cyber-warfare is here to stay.
OWASP has just released the latest version of its Zed Attack Proxy (ZAP or ZAProxy for short) intercepting proxy. This is an open source and free competitor to PortSwigger’s Burp Suite. I have taken the liberty of cloning the repo and you can find it here:
You can also download their pre-compiled installers for Windows, macOS and Linux here:
Reading the write-up on this vulnerability and the current PoC exploits, it looks like this is at most an annoying DoS that at least won’t lead to remote code execution:
Microsoft just released a beta version of Windows Subsystem for Linux (WSL) v2, which accelerates Linux performance on Windows by using parts of Hyper-V under the hood.
I was just made aware of some awesome open source efforts for doing car hacking virtually with a CAN bus. Check out the article here:
I have already taken the liberty of forking the underlying CAN bus GitHub repo:
Thank you, IAmSecurity, for making me aware of this!
If you are using any major Linux distribution, you should patch now. There’s a remotely exploitable condition in any Linux kernel prior to 5.0.8 (as shipped in Fedora, Debian, Ubuntu, and others). It has the potential to be exploited; thankfully, gaining code execution is fairly difficult, but not impossible.
Microsoft has issued a warning regarding a pre-auth bug that could potentially be used for another worm, like WannaCry. It affects Windows XP-8.1 clients and Windows Server 2003-2008R2.
It looks like, in the initial reporting by Bloomberg, Vodafone considered a running telnet server to be a backdoor. All the same, using Huawei devices as the infrastructure of a 5G cellular network gives another nation-state access to some potentially sensitive data, along with the ability to remotely tamper with it. As more and more people rely on high-speed cellular networks, this is still a bad idea!