Several lockscreen-related vulnerabilities this week, a cross-site leak, and the hijacking of all .cd domains.

One important thing to mention about this week's episode that was neglected during the discussion is that the BitLocker Lockscreen Bypass is a lockscreen bypass. It does not necessarily provide access to the data BitLocker protects. If BitLocker is being run in "transparent operation mode", where the ability to log in is all that is necessary to decrypt data, then this vulnerability can grant access to encrypted data.

[00:00:00] Introduction

https://dayzerosec.com/

[00:00:59] Slayer Labs

https://slayerlabs.com/

[00:12:03] BugTraq Shutdown

https://seclists.org/bugtraq/2021/Jan/0

[00:17:22] Data Security on Mobile Devices

https://securephones.io/

[00:27:08] Running a fake power plant on the internet for a month

https://grimminck.medium.com/running-a-fake-power-plant-on-the-internet-for-a-month-4a624f685aaa

[00:33:43] BitLocker Lockscreen bypass

https://secret.club/2021/01/15/bitlocker-bypass.html

[00:39:30] [Linux Mint] Screensaver lock by-pass via the virtual keyboard

https://github.com/linuxmint/cinnamon-screensaver/issues/354

[00:43:02] [NextCloud] Bypassing Passcode/Device credentials

https://hackerone.com/reports/747726

[00:51:02] How I hijacked the top-level domain of a sovereign state

https://labs.detectify.com/2021/01/15/how-i-hijacked-the-top-level-domain-of-a-sovereign-state/

[01:00:28] Laravel <= v8.4.2 debug mode: Remote code execution

https://www.ambionics.io/blog/laravel-debug-rce

[01:05:47] Leaking silhouettes of cross-origin images

https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/

[01:10:36] Escaping VirtualBox 6.1: Part 1

https://secret.club/2021/01/14/vbox-escape.html

[01:17:15] Hunting for Bugs in Windows Mini-Filter Drivers

https://googleprojectzero.blogspot.com/2021/01/hunting-for-bugs-in-windows-mini-filter.html

[01:18:33] Project Zero: Introducing the In-the-Wild Series

https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on YouTube (@dayzerosec)

The podcast and the associated cover art on this page belong to dayzerosec. The content of the podcast is created by dayzerosec and not by, or together with, Poddtoppen.