Episode #23

Posted on
apt kubernetes nss poolparty xsleak

Google Cybersecurity Action Team discussed how Cloud resources are commonly exploited for coin mining. 1

Google Project Zero team discussed the lesson learned from finding a low-hanging fruit in the extensively fuzzed NSS library. 2

Race conditions seems to be a popular attack surface in kubernetes. 3

A new kind of browser side channel attack surface, XS-Leak, is gathering critical mass. 4

Pool party attack is something similar to XS-Leak, yet claimed to be more practical. 5

1. Coin mining, ransomware, APTs target cloud: GCAT report | Google Cloud Blog (cloud.google.com)

See also:

2. Project Zero: This shouldn't have happened: A vulnerability postmortem (googleprojectzero.blogspot.com)

See also:

3. Google Online Security Blog: Exploring Container Security: A Storage Vulnerability Deep Dive (security.googleblog.com)

See also:

4. XSinator - XS-Leak Browser Test Suite (xsinator.com)

See also:

5. Preventing Pool-Party Attacks | Brave Browser (brave.com)

See also: