Episode #2022-08

Posted on

Members of Project Zero and the Google Cloud security team are releasing a technical report on a security review of AMD Secure Processor (ASP). 1

Researchers from Palo Alto Networks presented their findings on trampoline pods at the KubeCon EU 2022. 2

PwC Threat Intelligence documented the existence of BPFDoor. 3

A zero-day flaw in Microsoft Office is being abused in the wild to achieve arbitrary code execution on Windows systems. Microsoft has made its first reaction that there was no security issue. 4

The winners of the 2021 Google Cloud Platform (GCP) Vulnerability Rewards Program (VRP) Prize was announced. 5

1. Project Zero: Release of Technical Report into the AMD Security Processor (googleprojectzero.blogspot.com)
2. Google Online Security Blog: Privileged pod escalations in Kubernetes and GKE (security.googleblog.com)
3. BPFDoor — an active Chinese global surveillance tool | by Kevin Beaumont | May, 2022 | DoublePulsar (doublepulsar.com)
4. Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug) | Malwarebytes (blog.malwarebytes.com)
5. Google Online Security Blog: Announcing the winners of the 2021 GCP VRP Prize (security.googleblog.com)