Last December, in a talk at 36th Chaos Communication Congress, Samuel Groß presented a technical report about the infamous iOS vulnerability that allowed remote code execution on all iDevices up to iOS 12.4, within a couple of minutes and without user interaction.

A team of researchers from University of Michigan (Stephan van Schaik, Marina Minkin, Andrew Kwong and Daniel Genkin) and University of Adelaide (Yuval Yarom) recently presented a new attack technique that targets Intel CPUs.

Just few words (and links) about this hot topic.

Starting from this week, I’m going to start a recostructing of WeeklyRoundup (and also the whole blog): less images, more content! (…and, yes! Star Trek: Picard is awesome!)

The SIM hijacking, also know as SIM swapping, is an attack where a criminal contacts the cell phone provider of a target user, and convinces it (sometimes involving employees of the phone company) to switch target’s account to a SIM that he control.
Since smartphones are often used as a security measure/verification system, this allows the fraudster to take over accounts of the target.

In a previous article [1], I’ve started to talk about DevSecOps and the concept of “shifting left” security.
In order to move security checks to the early steps of development, a great help may be the presence of a security-aware person in every scrum team, the so-called “Security Champions“.

The recent deadly shooting last month at a naval air station in Pensacola, Fla., brought in the spotlight the issue of iOS security: attorney General William P. Barr requested Apple to provide access to two phones used by the killer.

Security researcher Andrew Klaus, from Cybera, discovered a hardcoded SSH public key in Fortinet’s Security Information and Event Management FortiSIEM that can be used in order to generate a denial of service against the FortiSIEM Supervisor.

Just some stuff i read in the last seven days…

Recently, Microsoft released a patch that fixes a critical vulnerability in the Windows’ crypto library.