Day[0]

Return of the Zombieload, Bezos Hacked, and other exploits



This week we look at 15 CVEs, including the new MDS attacks/Zombieload and GhostImage, a cool attack against vision-based classification systems. We also have a discussion about mobile vs. desktop security.

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

  • [00:01:33] Pwn2Own Miami 2020

  • [00:06:32] Allegations that Saudi Crown Prince involved in hacking of Jeff Bezos’ phone

    • https://twitter.com/dinodaizovi/status/1221324029841244161

  • [00:11:25] Chris Rohlf on Twitter: "...Mobile security was largely a success relative to the state of the desktop..."

  • [00:25:49] More MDS Attacks: Intel Patching its Patch of the Patch for MDS/ZombieLoad Attacks

    • https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/#gs.upv68b

  • [00:31:34] MDHex Vulnerabilities

  • [00:42:55] JSSE Client Authentication Bypass (CVE-2020-2655)

  • [00:55:37] Local Privilege Escalation in many Ricoh Printer Drivers for Windows (CVE-2019-19363)

  • [00:58:34] ModSecurity Denial of Service (CVE-2019-19886)

  • [01:02:47] GGvulnz - How I hacked hundreds of companies through Google Groups

  • [01:09:14] Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption (CVE-2020-6857)

  • [01:14:40] arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault - Patchwork

  • [01:18:54] Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability (CVE-2020-3142)

  • [01:21:35] iGPU Leak: An Information Leakage Vulnerability on Intel Integrated GPU (CVE-2019-14615)

  • [01:28:41] Information Leaks via Safari's Intelligent Tracking Prevention

  • [01:39:02] GhostImage: Perception Domain Attacks against Vision-based Object Classification Systems

  • [01:44:46] Nightmare - A collection of binary exploitation / reverse engineering challenges and writeups

  • [01:49:26] The Life of a Bad Security Fix

  • [01:51:22] macOS/iOS: ImageIO: heap corruption when processing malformed TIFF image

Day[0] by dayzerosec
