Google Cybersecurity Action Team discussed how Cloud resources are commonly exploited for coin mining. 1
Google Project Zero team discussed the lesson learned from finding a low-hanging fruit in the extensively fuzzed NSS library. 2
Race conditions seems to be a popular attack surface in kubernetes. 3
A new kind of browser side channel attack surface, XS-Leak, is gathering critical mass. 4
Pool party attack is something similar to XS-Leak, yet claimed to be more practical. 5
Footnotes
1. Coin mining, ransomware, APTs target cloud: GCAT report | Google Cloud Blog (cloud.google.com)
See also:
2. Project Zero: This shouldn't have happened: A vulnerability postmortem (googleprojectzero.blogspot.com)
See also:
3. Google Online Security Blog: Exploring Container Security: A Storage Vulnerability Deep Dive (security.googleblog.com)
See also:
4. XSinator - XS-Leak Browser Test Suite (xsinator.com)
See also:
- 14 new attacks on web browsers detected - Newsportal - Ruhr-Universität Bochum (news.rub.de)
- XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers (xsinator.com)
- Introduction | XS-Leaks Wiki (xsleaks.dev)
- 14 New XS-Leaks (Cross-Site Leaks) Attacks Affect All Modern Web Browsers (thehackernews.com)
5. Preventing Pool-Party Attacks | Brave Browser (brave.com)
See also: