These are the winners of the 2020 Pwnie Awards

The winners of the annual Pwnie Awards 2020 have been announced. This notable event highlights the most significant vulnerabilities and failures in the field of computer security.

The Pwnie Awards recognize both excellence and incompetence in the field of information security. The winners are selected by a committee of security industry professionals from nominations collected from the information security community.

The awards are presented annually at the Black Hat Security Conference. The Pwnie Awards are regarded as the counterpart of the Oscars and the Golden Raspberry Awards in computer security.

Top winners

Best server bug

Awarded for identifying and exploiting the most technically complex and interesting bug in a network service. The award went to the identification of the vulnerability CVE-2020-10188, which allows remote attacks on embedded devices with firmware based on Fedora 31 through a buffer overflow in telnetd.

Best bug in client software

The winners were the researchers who identified a vulnerability in Samsung's Android firmware that allows access to the device by sending an MMS, without any user interaction.

Best privilege escalation vulnerability

The award went to the identification of a vulnerability in the bootrom of Apple iPhones, iPads, Apple Watches and Apple TVs based on the A5, A6, A7, A8, A9, A10 and A11 chips, which allows the firmware to be jailbroken and other operating systems to be loaded.

Best crypto attack

Awarded for identifying the most significant vulnerabilities in real systems, protocols and encryption algorithms. The award went to the identification of the Zerologon vulnerability (CVE-2020-1472) in the MS-NRPC protocol and the AES-CFB8 crypto algorithm, which allows an attacker to gain administrator rights on a Windows or Samba domain controller.

Most innovative research

The award went to the researchers who showed that RowHammer attacks can be used against modern DDR4 memory chips to alter the contents of individual bits of dynamic random access memory (DRAM).

Lamest vendor response

A nomination for the most inadequate response to a vulnerability report in one's own product. The winner is the legendary Daniel J. Bernstein, who 15 years ago did not consider a vulnerability in qmail (CVE-2005-1513) serious and did not fix it, since exploiting it required a 64-bit system with more than 4 GB of virtual memory.

Over those 15 years, 64-bit systems replaced 32-bit ones on servers, the amount of installed memory grew considerably, and as a result a working exploit was created that can be used to attack systems running qmail in its default configuration.

Most underestimated vulnerability

The award went to the vulnerabilities (CVE-2019-0151, CVE-2019-0152) in the Intel VTd/IOMMU mechanism, which make it possible to bypass memory protection and run code at the System Management Mode (SMM) and Trusted Execution Technology (TXT) levels, for example to plant rootkits in SMM. The severity of the problem turned out to be considerably greater than expected, and the vulnerability was not easy to fix.

Most epic FAIL

The award went to Microsoft for a vulnerability (CVE-2020-0601) in the implementation of elliptic curve digital signatures that allows private keys to be generated from public keys. The problem made it possible to create forged TLS certificates for HTTPS and fake digital signatures that Windows verified as trustworthy.

Biggest achievement

The award went to the identification of a chain of vulnerabilities (CVE-2019-5870, CVE-2019-5877, CVE-2019-10567) that makes it possible to bypass all protection levels of the Chrome browser and execute code on the system outside the sandbox environment. The vulnerabilities were used to demonstrate a remote attack on Android devices to gain root access.

Finally, if you want to know more about the nominees, you can check the details at the following link.

