Categories
cloud sysadmin

AWS EC2 Virtualization 2017

A very good summary of how the virtualization technologies used in AWS EC2 have advanced. The newest instance type offered is simply AWS Bare Metal, which provides full hardware access with little performance overhead while still retaining the benefits of the cloud, such as elasticity.

AWS EC2 Virtualization 2017: explaining the different virtualization types, from emulation and binary substitution, paravirtualization and Xen, PV, HVM, and PVHVM modes, and the new Nitro hypervisor

Categories
security

Huge security flaw lets anyone log into a High Sierra Mac

This is as bad as it gets. While Apple’s hardware is still top-notch, the quality of their software – especially on macOS – seems to be going down. Too much emphasis on iOS?

Wow, this is a bad one. On Macs running the latest version of High Sierra (10.13.1 (17B48)), it appears that anyone can log in just by putting “root” in the..

Source: Huge security flaw lets anyone log into a High Sierra Mac

Updates:
2017-11-30: Apple releases a fix
2017-11-30: The fix apparently broke file sharing on macOS. Software is hard. Period.

Categories
privacy security

Experts can hack most CPUs since 2008 over USB by triggering Intel Management Engine flaw

Gaining full privileged access to the CPU just by plugging in a USB device? This is as serious as it sounds.

Positive Technologies plans to demonstrate at the next Black Hat conference how to hack over USB into the Intel Management Engine of most CPUs since 2008.

Source: Experts can hack most CPUs since 2008 over USB by triggering Intel Management Engine flaw

Categories
security

A penetration tester’s guide to sub-domain enumeration

Sub-domain enumeration is one of the techniques used in penetration testing. The following article gives a good guide on how to start.

As a penetration tester or a bug bounty hunter, most of the time you are given a single domain or a set of domains when you start a…

Source: A penetration tester’s guide to sub-domain enumeration