Cybersecurity News Roundup, August 12 - 18
Qrator Newsletter

For those of you still not subscribed to the Cybersecurity Newsletter - the form is at the top of the page.

The best news, articles and scientific papers published from August 12 to 18 are below.


Bypassing IP Based Blocking with AWS API Gateway: https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/.

A security vulnerability related to encryption on Bluetooth BR/EDR connections:

https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/;

https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli.

The researchers made a separate webpage: https://knobattack.com/.


Netflix has discovered several resource exhaustion vectors affecting a variety of third-party HTTP/2 implementations: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md;

https://kb.cert.org/vuls/id/605641/;

https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/.

From email to phone number, a new OSINT approach: https://www.martinvigo.com/email2phonenumber/.

SSRF demonstration website: https://application.security/.

Threat hunting using DNS firewalls and data enrichment: https://blog.redteam.pl/2019/08/threat-hunting-dns-firewall.html.

Cross-Router Covert Channels: https://www.usenix.org/system/files/woot19-paper_ovadia.pdf.


Point Break: A Study of Bandwidth Denial-of-Service Attacks against Tor: https://www.usenix.org/system/files/sec19-jansen.pdf.


Kaspersky got into a controversy: https://arstechnica.com/information-technology/2019/08/kaspersky-av-injected-unique-id-into-webpages-even-in-incognito-mode/.


An open-access (free of charge) book on C++ parallel programming with Threading Building Blocks: https://link.springer.com/book/10.1007%2F978-1-4842-4398-5.


NSFW: https://gizmodo.com/buttplug-hacker-talks-security-consent-and-why-he-hac-1837252628.


Repositories:

https://github.com/laserallan/malloc_geiger

https://github.com/paulknysh/blackbox