How Edward Snowden Would Use A Smartphone
-Graphene OS
-all traffic through TOR
-use ad-blocker and password manager
-use Signal or Wire
-...
https://www.eva.nmccann.net/blog/snowden-smartphone

Counter-Strike Global Offensive CVE-2019-15943
https://blog.firosolutions.com/exploits/counter-strike-go/

PHP 7.1-7.3 disable_functions bypass
https://github.com/mm0r1/exploits/tree/master/php-json-bypass

Iran's Oil Sector on 'Full Alert' Against Attacks

Iran's oil minister on Sunday ordered his country's energy sector to be on high alert to the threat of "physical and cyber" attacks.

Bijan Namdar Zanganeh said "it is necessary for all companies and installations of the oil industry to be on full alert against physical and cyber threats," in a statement published on the oil ministry's Shana website.
https://www.securityweek.com/irans-oil-sector-full-alert-against-attacks

Potential bypass of Runas user restrictions

Release Date:
October 14, 2019
Summary:
When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.

This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.

@ctfplay
Log entries for commands run this way will list the target user as 4294967295 instead of root. In addition, PAM session modules will not be run for the command.
Sudo versions affected:
Sudo versions prior to 1.8.28 are affected.
CVE ID:
This vulnerability has been assigned CVE-2019-14287 in the Common Vulnerabilities and Exposures database.

Ref:
https://www.sudo.ws/alerts/minus_1_uid.html
https://access.redhat.com/security/cve/cve-2019-14287
#News
#Linux
@ctfplay

Researcher released PoC exploit code for CVE-2019-2215 Android zero-day flaw
https://ift.tt/33Fa8TX

Pwn2Win CTF 2019 - Registration is now open!


https://ift.tt/2vUQrbt