Episode #14

Posted on

Location, Memory, Cosmos, Exchange, PAC

Robert Heaton disclosed the location tracking attack over Bumble.

Linux kernel 5.14 is released. The new syscall memfd_secret is included, which creates an anonymous file to access secret memory regions.

Wiz discovered an exploit, termed ChaosDB, that could take over Microsoft Azure Cosmos DB. About 30% of Cosmos DB customers are notified of the potential breach.

Trend Micro discussed ProxyToken vulnerability over Microsoft Exchange Server that could be used to forward emails to attackers.

Pac-Resolver, an NPM module that has 3 million downloads per week, has an RCE vulnerability as it used the NodeJS vm module as a sandbox.