Security Leftovers
Security Week ☛ GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU
Researchers disclose the details of GhostWrite, a RISC-V CPU vulnerability that can be exploited to gain full access to targeted devices.
Krebs On Security ☛ Cybercrime Rapper Sues Bank over Fraud Investigation
In January, KrebsOnSecurity wrote about rapper Punchmade Dev, whose music videos sing the praises of a cybercrime lifestyle. That story showed how Punchmade’s social media profiles promoted Punchmade-themed online stores selling bank account and payment card data. The subject of that piece, a 22-year-old Kentucky man, is now brazenly suing his financial institution after it blocked a $75,000 wire transfer and froze his account, citing an active law enforcement investigation.
Kernel Space
William Liu ☛ corCTF 2024: Its Just a Dos Bug Bro - Leaking Flags from Filesystem with Spectre v1
Following the theme of corCTF 2023, I wanted to release another exploitation challenge that connects kernel internals and modern x86_64 micro-architectural attacks. For this year, the players were presented with the following new syscall on Linux version 6.9.0.
