AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable.
Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.
As a red teamer, you encountered a Jenkins instance that is vulnerable to CVE-2024-23897, which allowed for limited arbitrary file read. Without credentials and with the /script endpoint inaccessible, you sought to leverage this vulnerability by revealing Hudson to decypt the credentials.
A team of researchers have developed a method for extracting authentication keys out of HID encoders, which could allow hackers to clone the types of keycards used to secure offices and other areas worldwide.
Vint Cerf revealed Google already uses the string, as do plenty of others
