Handler on Duty: Didier Stevens
Threat Level: green
Podcast Detail
GPU Sidechannels; Compromised Routers; More libwebp Confusion; Fake Dependabot
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/8678.mp3
My Next Class
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 11th - Dec 16th 2023 |
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 8th - Jan 13th 2024 |
Interested in Internet Storm Center stickers? Check here if there are still some available for today.
GPU Sidechannel Attack
https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
Router Firmware Compromised for Persistent Access
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csa-cyber-report-sept-2023
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a
More libwebp vulnerability confusion
https://www.cve.org/CVERecord?id=CVE-2023-5129
https://arstechnica.com/security/2023/09/google-quietly-corrects-previously-submitted-disclosure-for-critical-webp-0-day/
Fake Dependabot Commits
https://checkmarx.com/blog/surprise-when-dependabot-contributes-malicious-code/
https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
Router Firmware Compromised for Persistent Access
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csa-cyber-report-sept-2023
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a
More libwebp vulnerability confusion
https://www.cve.org/CVERecord?id=CVE-2023-5129
https://arstechnica.com/security/2023/09/google-quietly-corrects-previously-submitted-disclosure-for-critical-webp-0-day/
Fake Dependabot Commits
https://checkmarx.com/blog/surprise-when-dependabot-contributes-malicious-code/
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 11th - Dec 16th 2023 |
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 8th - Jan 13th 2024 |