Epic Games and Fortnite are in InfoSec news again, but this time for a security faux pas. Epic released Fortnite for Android independently, without using Google's Play marketplace. Google researchers, in turn, quickly found a security vulnerability in the installer and responsibly disclosed it to Epic. While this flaw is fixed, Epic seems to have an issue with how quickly …
Foreshadow, the Latest Intel-Specific Vulnerability
Intel’s Core and Xeon lines of processors are prone to another major speculative execution flaw named “Foreshadow,” alternatively called L1 Terminal Fault or L1TF. This attack could allow attackers to gain access to sensitive data stored in a computer’s memory or in third-party clouds, including files, encryption keys, pictures, or even passwords. Speculative execution refers to …
New Apache Struts RCE Vulnerability – Daily Security Byte
Remember the Equifax breach? That breach was caused by a then recently disclosed remote code execution (RCE) vulnerability in Apache Struts. Guess what! There's another one. In today's video, I warn you about a newly disclosed RCE vulnerability in Apache Struts, which was discovered by a security researcher from Semmle. If you use Apache Struts, you're going to want to patch …
Intel CPU Vulnerability: Lazy FP State Restore
A few weeks ago, Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) reported a vulnerability in Intel Core-based CPUs, very similar to the recent Meltdown exploits. For those not familiar, the CPU is the piece of hardware that handles the processing for an entire computer system. Thus, a vulnerability in that component puts the …
aLTEr Attack – Daily Security Byte
Wow, it's been a long time. If you've followed the Daily Security Bytes over the years, you've probably wondered where the videos have been. As mentioned in a previous video, I was traveling for a month for WatchGuard, and wasn't sure if I would be able to do regular videos during that time. In fact, that trip's aggressive schedule made it hard to do any videos at all. When …