[SECHebdo] 16 juin 2020

Nous venons de tourner un nouveau SECHebdo en live sur Youtube. Comme d’habitude, si vous avez raté l’enregistrement, vous pouvez le retrouver sur notre chaîne Youtube (vidéo ci-dessus) ou bien au format podcast audio: Au sommaire de cette émission : Todo (00:01:30) Notre discord : http://discord.comptoirsecu.fr A bientôt pour d’autres émissions/podcasts! Liste des sources : Corner vuln Twitter thread CROSSTalk - VUSec Ripple20 - JSOF https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-May Vulnerability Summary for the Week of June 8, 2020 | CISA Published | Zero Day Initiative Vulnerabilities and Coordinated Disclosure | X41 D-SEC GmbH Symantec Endpoint Protection (SEP) 14.2 RU2 Elevation of Privileges (CVE-2020-5837) - REDYOPS Labs 6 New Vulnerabilities Found on D-Link Home Routers Congress asks Juniper for the results of its 2015 NSA backdoor investigation | ZDNet Threat vector: GTP. Vulnerabilities in LTE and 5G networks 2020 https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation Adobe Security Bulletins and Advisories SOHO Device Exploitation SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost - ZecOps Blog Pulse Secure Client for Windows <9.1.6 TOCTOU Privilege Escalation (CVE-2020-13162) - Red Timmy Security Wikileaks taskforce report partially released https L’arrivée des breachtortion You’ve heard of sextortion – now there’s “breachstortion”, too – Naked Security Sextortion to The Next Level De beaux schémas pour le DDoS par amplification Reflection Amplification Vectors: a Chronology - Link11 Focus Covid, ou lave-toi les mains ? Exploiting a crisis: How cybercriminals behaved during the outbreak - Microsoft Security Threat Hunting Threat Hunting Whitepaper F-Secure