In continuation of the 2017 post on vulnerabilities, the new year started with a big security bang.
- Meltdown, affects mainly Intel and some ARM CPUs. AMD is unknown.
Spectre, affects all types of CPUs.
This is as bad as it can get. The root cause comes from speculative execution found in various microprocessors as a way to beat the superpipelined architecture.
- Cisco Smart Install, 20180409 Just turn off that thing if is not in use. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi
- Apache Struts 2.0, Remote Code Execution , 20180822 https://www.bleepingcomputer.com/news/security/active-attacks-detected-using-apache-struts-vulnerability-cve-2018-11776/
- Facebook SSO – Facebook signon tokens were exposed and all websites using Facebook SSO are vulnerable. link A in-depth examination here. link
30 Aug 18 – Added Smart Install and Apache Struts
2 Oct 18- Added Facebook