Fuzzing, Azure, Malicious Actors, Trusted Cloud, Airtags
1. Fuzzing Closed-Source JavaScript Engines with Coverage Feedback (googleprojectzero.blogspot.com)
Related:
- Fuzzilli. A JavaScript Engine Fuzzer (github.com/googleprojectzero)
- TinyInst. A lightweight dynamic instrumentation library (github.com/googleprojectzero)
- Jackalope. Binary, coverage-guided fuzzer for Windows and macOS (github.com/googleprojectzero)
- CVE-2021-26419. Internet Explorer: Memory corruption in jscript9.dll related to scope of the arguments object (chromium.org)
- CVE-2021-31959. Internet Explorer: Memory corruption in jscript9.dll due to uninitialized Property ID array (chromium.org)
- CVE-2021-34480. Internet Explorer: Incorrect JIT optimization in jscript9.dll leading to memory corruption (chromium.org)
2. “Secret” Agent Exposes Azure Customers To Unauthorized Code Execution (wiz.io)
Related:
- OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers (wiz.io)
- Mirai Botnet Exploiting OMIGOD Azure Vulnerability (darkreading.com)
- Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions (microsoft.com)
- CVE-2021-38647. Open Management Infrastructure Remote Code Execution Vulnerability (microsoft.com)
- CVE-2021-38648. Open Management Infrastructure Elevation of Privilege Vulnerability (microsoft.com)
- CVE-2021-38645. Open Management Infrastructure Elevation of Privilege Vulnerability) (microsoft.com)
- CVE-2021-38649. Open Management Infrastructure Elevation of Privilege Vulnerability (microsoft.com)
- Enhanced security. Github Microsoft/omi/commit (github.com/microsoft)
3. Financially motivated actor breaks certificate parsing to avoid detection (blog.google)
Related:
- TBD
4. Amazon, Google, Microsoft and other tech giants establish Trusted Cloud Principles (zdnet.com)
Related:
5. Zero-Day: Hijacking iCloud Credentials with Apple Airtags (Stored XSS) (medium.com/@bobbyrsec)
Related: