FuzzBench, MediaTek-su, Request Smuggling, and Memory Tagging

A New AMD sidechannel, and an old intel CSME attack, a couple deserialization attacks, and a few clever but not terribly useful attacks, and some discussion about memory tagging on this weeks episode of DAY[0].

• [00:00:21] Election Security 2020: Don't Let Disinformation Undermine Your Right to Vote
  
• [00:06:52] Announcing Remote Participation in Pwn2Own Vancouver
  
• [00:11:22] Revoking certain certificates on March 4
  
• [00:19:40] FuzzBench: Fuzzer Benchmarking as a Service
  
• [00:28:53] Intel x86 Root of Trust: loss of trust
  
• [00:39:07] Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors
  
• [00:49:11] VU#782301 - pppd vulnerable to buffer overflow due to a flaw in EAP packet processing
  
  • https://github.com/paulusmack/ppp/commit/8d45443bb5c9372b4c6a362ba2f443d41c5636af
  
  
  • https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
  
  
• [00:55:11] MediaTek rootkit affecting millions of Android devices
  
• [01:01:56] Zoho ManageEngine RCE
  
• [01:11:25] RCE Through a Deserialization Bug in Oracle's WebLogic Server (CVE-2020-2555)
  
• [01:14:22] Regex Vulnerabilities - parse-community/parse-server
  
• [01:18:57] HTTP request smuggling using malformed Transfer-Encoding header
  
• [01:27:20] [Nextcloud] Delete All Data of Any User
  
• [01:30:36] Dismantling DST80-based Immobiliser Systems
  
• [01:37:53] Exploring Backdoor Poisoning Attacks Against Malware Classifiers
  
• [01:45:59] Code Renewability for Native Software Protection
  
• [01:55:42] Security Analysis of Memory Tagging
  
• [02:04:15] DangKiller: Eliminating Dangling Pointers Efficiently via Implicit Identifier
  

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])