Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Aug 08, 2024

Security Week ☛ GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU

Researchers disclose the details of GhostWrite, a RISC-V CPU vulnerability that can be exploited to gain full access to targeted devices.

Krebs On Security ☛ Cybercrime Rapper Sues Bank over Fraud Investigation

In January, KrebsOnSecurity wrote about rapper Punchmade Dev, whose music videos sing the praises of a cybercrime lifestyle. That story showed how Punchmade’s social media profiles promoted Punchmade-themed online stores selling bank account and payment card data. The subject of that piece, a 22-year-old Kentucky man, is now brazenly suing his financial institution after it blocked a $75,000 wire transfer and froze his account, citing an active law enforcement investigation.

Kernel Space

William Liu ☛ corCTF 2024: Its Just a Dos Bug Bro - Leaking Flags from Filesystem with Spectre v1

Following the theme of corCTF 2023, I wanted to release another exploitation challenge that connects kernel internals and modern x86_64 micro-architectural attacks. For this year, the players were presented with the following new syscall on Linux version 6.9.0.