![Day[0] artwork](https://is3-ssl.mzstatic.com/image/thumb/Podcasts123/v4/e6/4a/24/e64a2476-975c-a47f-7c57-e3f5e459b0d6/mza_8955790230498800267.jpg/100x100bb.jpg)
Return of the Zombieload, Bezos Hacked, and other exploits
Day[0]
English - January 27, 2020 23:00 - 1 hour - 106 MB - ★★★★ - 5 ratings - Technology
This week we look at 15 CVEs, including the new MDS Attacks/Zombieload and GhostImage, a cool attack against vision-based classification systems. We also have a discussion about mobile vs desktop security.
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
[00:01:33] Pwn2Own Miami 2020
[00:06:32] Allegations that Saudi Crown Prince involved in hacking of Jeff Bezos’ phone
https://twitter.com/dinodaizovi/status/1221324029841244161
[00:11:25] Chris Rohlf on Twitter: "...Mobile security was largely a success relative to the state of the desktop..."
[00:25:49] More MDS Attacks: Intel Patching its Patch of the Patch for MDS/ZombieLoad Attacks
https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/#gs.upv68b
[00:31:34] MDHex Vulnerabilities
[00:42:55] JSSE Client Authentication Bypass (CVE-2020-2655)
[00:55:37] Local Privilege Escalation in many Ricoh Printer Drivers for Windows (CVE-2019-19363)
[00:58:34] ModSecurity Denial of Service (CVE-2019-19886)
[01:02:47] GGvulnz - How I hacked hundreds of companies through Google Groups
[01:09:14] Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption (CVE-2020-6857)
[01:14:40] arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault - Patchwork
[01:18:54] Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability (CVE-2020-3142)
[01:21:35] iGPU Leak: An Information Leakage Vulnerability on Intel Integrated GPU (CVE-2019-14615)
[01:28:41] Information Leaks via Safari's Intelligent Tracking Prevention
[01:39:02] GhostImage: Perception Domain Attacks against Vision-based Object Classification Systems
[01:44:46] Nightmare - A collection of binary exploitation / reverse engineering challenges and writeups
[01:49:26] The Life of a Bad Security Fix
[01:51:22] macOS/iOS: ImageIO: heap corruption when processing malformed TIFF image