Books & Papers Security Vulnerabilities

Exim 4.87 4.91 - (Local Remote) Command Execution

Exim 4.87 4.91 - (Local Remote) Command...

Exim 4.87 < 4.91 - (Local / Remote) Command Execution

...

Fraudulent Academic Papers

The term "fake news" has lost much of its meaning, but it describes a real and dangerous Internet trend. Because it's hard for many people to differentiate a real news site from a fraudulent one, they can be hoodwinked by fictitious news stories pretending to be real. The result is that otherwise.....

Calibration Attack Drills Down on iPhone, Pixel Users

A proof-of-concept for a new type of privacy attack, dubbed “calibration fingerprinting,” uses data from Apple iPhone sensors to construct a globally unique fingerprint for any given mobile user. Researchers said that this provides an unusually effective means to track people as they browse across....

On Verifiable Delay Functions - How to Slow Burning the Planet Down (Verifiably)

Update: you can find the Part II of this series here In this blog post I am going to talk about some really cool cryptographic research done by Luca De Feo, Simon Masson, Christophe Petit and myself around a relatively new cryptographic construction called_ Verifiable Delay Functions_ (VDF from...

Fingerprinting iPhones

This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors. We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the...

Zombieload: Intel CPU exposure of a new side channel attack-exploit warning-the black bar safety net

! Security personnel recently discovered for Intel processor of the new side channel attack, which is also following the earlier Meltdown, the Spectre and Foreshadow after a fairly serious security problems. This vulnerability may allow an attacker to obtain the current processor is processing...

Another NSA Leaker Identified and Charged

In 2015, the Intercept started publishing "The Drone Papers," based on classified documents leaked by an unknown whistleblower. Today, someone who worked at the NSA, and then at the National Geospatial-Intelligence Agency, was charged with the crime. It is unclear how he was initially identified......

CHAPTER 3: ELECTION DAY - BEST PRACTICES AND READINESS CHECKLIST FOR DIGITAL NEWS PUBLISHERS

CHAPTER 3: ELECTION DAY - BEST PRACTICES AND READINESS FOR DIGITAL NEWS PUBLISHERS As the 2019 General Election results approach, the frenzy and anticipation continue to build. Digital news publishers have the opportunity to engage with audiences on their digital properties as users go online to...

Of hoodies and headphones: a spotlight on risks surrounding audio output devices

More than a decade ago, cardiologists from the Beth Israel Medical Center in Boston presented their findings at the American Heart Association (AHA) Scientific Sessions 2008 about MP3 headphones causing disruptions with heart devices—such as the pacemaker and the implantable cardioverter...

ThreatList: Bad Bots Account for a Fifth of All Web Traffic, FinServ Hit the Worst

About a fifth of all web traffic (20.4 percent) comes from bad bots, which continue to attack daily in automated offensives on websites, mobile apps and APIs. That’s worse for some verticals, like the banking and finance sector, which was hit the hardest last year. That’s according to the Distil...

Ancestry: On the Vanguard of DevOps Security

Grant Johnson, Ancestry's Director, Risk & Compliance (This is a guest post by Grant Johnson, Director, Risk & Compliance at Ancestry) Over the past two years, Ancestry moved its entire applications and data infrastructure from local data centers to Amazon’s cloud, and this required a new approach....

Alleged Chief of Romanian ATM Skimming Gang Arrested in Mexico

An alleged top boss of a Romanian crime syndicate that U.S. authorities say is responsible for deploying card-skimming devices at Automated Teller Machines (ATMs) throughout North America was arrested in Mexico last week on firearms charges. The arrest comes months after the accused allegedly...

MS-ISAC Releases Security Primer on LockerGoga Ransomware

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a Security Primer on LockerGoga Ransomware—a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware can be devastating to an individual or an...

DART: the Microsoft cybersecurity team we hope you never meet

If you spent 270 days away from home, not on vacation, you’d want it to be for a good reason. When boarding a plane, sometimes having been pulled out of bed to leave family for weeks on end, I know it’s because one of our customers is in need. It means there is a security compromise and they may...

50m-ctf: $50 million CTF Writeup

Summary: For a brief overview of the challenge you can take a look at the following image: {F451370} Below I will detail each step that I took to solve the CTF, moreover all the bad assumptions that led me to a dead end in some cases. Twitter The CTF begins with this tweet: {F451371} What is this.....

MS-ISAC Releases Security Primer on TrickBot Malware

The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a security primer on TrickBot malware. TrickBot is a modular banking Trojan that targets users’ financial information and acts as a dropper for other malware. An attacker can leverage TrickBot’s modules to steal banking....

Call for Papers | Microsoft BlueHat Shanghai 2019

The Microsoft Security Response Center (MSRC) recently announced our first BlueHat security conference in Shanghai which will take place on May 29-30, 2019. After 15 years of BlueHat events in Redmond, Washington and Israel, we are thrilled to expand to a new location. We work with many talented...

Breaking the Bank: Weakness in Financial AI Applications

Currently, threat actors possess limited access to the technology required to conduct disruptive operations against financial artificial intelligence (AI) systems and the risk of this targeting type remains low. However, there is a high risk of threat actors leveraging AI as part of disinformation....

Call for Papers | Microsoft BlueHat Shanghai 2019

The Microsoft Security Response Center (MSRC) recently announced our first BlueHat security conference in Shanghai which will take place on May 29-30, 2019. After 15 years of BlueHat events in Redmond, Washington and Israel, we are thrilled to expand to a new location. We work with many talented...

Call for Papers | Microsoft BlueHat Shanghai 2019

The Microsoft Security Response Center (MSRC) recently announced our first BlueHat security conference in Shanghai which will take place on May 29-30, 2019. After 15 years of BlueHat events in Redmond, Washington and Israel, we are thrilled to expand to a new location. We work with many talented...

Sony Playstation 4 (PS4) 6.20 - WebKit Code Execution (PoC)

Sony Playstation 4 (PS4) 6.20 - WebKit Code Execution...

Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)

...

Intel CPU Spoiler vulnerability alerts-a vulnerability alert-the black bar safety net

Spoiler is the researchers found that the impact of the Intel microprocessor architecture of a speculative attack a speculative attack is a new microprocessor disclosure vulnerability that leaks is about the physical page to the user space process mapping of key information. Spoiler with 2018 1 on....

Labs survey finds privacy concerns, distrust of social media rampant with all age groups

Before Cambridge Analytica made Facebook an unwilling accomplice to a scandal by appropriating and misusing more than 50 million users’ data, the public was already living in relative unease over the privacy of their information online. The Cambridge Analytica incident, along with other, seemingly....

RSAC 2019: Malicious Emailed URLs See Triple-Digit Increase

SAN FRANCISCO: Business emails laced with malicious URLs in the message body have spiked by more than 125 percent in Q4 2018 in comparison with the quarter before. According to Mimecast’s latest Email Security Risk Assessment (ESRA) report, released at the RSA Conference 2019 in San Francisco this....

New found thunderclap vulnerability allows hackers to use a Thunderbolt/USB-C peripheral attack PC-vulnerability warning-the black bar safety net

Earlier by the Cambridge University computer science and Technology Department, Rice University, and Stanford Institute of International Studies a group of researchers announced a new vulnerability Thunderclap, affecting all major platforms, including MacOS and Windows. The vulnerability affects...

BlueHat Shanghai 2019 Call for Papers is Now Open!

We know security experts with diverse skills and experiences are found around the world. This year, the BlueHat Security Conference is coming to Shanghai! BlueHat Shanghai 2019 will take place on May 29-30 at W Shanghai - The Bund. We want to provide a venue for security researchers to come...

BlueHat Shanghai 2019 Call for Papers is Now Open!

We know security experts with diverse skills and experiences are found around the world. This year, the BlueHat Security Conference is coming to Shanghai! BlueHat Shanghai 2019 will take place on May 29-30 at W Shanghai - The Bund. We want to provide a venue for security researchers to come...

HackerOne: Partial report contents leakage - via HTTP/2 concurrent stream handling

Summary: The concurrent handling of HTTP/2 streams allows for a "timeless timing attack": instead of timing, the ordering of responses is used, making the attack resilient to network jitter. As the /bugs.json endpoint takes slightly longer to process when a query returns results, it is possible to....

Announcing the new Security Engineering website

To meet users’ expectations for security when using a product or cloud service, security must be an integral part of all aspects of the lifecycle. We all know this, and yet time has proven that this is far easier said than done because there is no single approach nor silver bullet that works in...

Houzz data breach: Why informing your customers is the right call

Houzz is an online platform dedicated to home renovation and design. Today (February 1, 2019), they notified their customers about a data breach that reportedly happened in December 2018. Data breaches unfortunately have become a common event. In fact, we dubbed 2018 the year of the data breach...

How a Dedicated Focus on Clarity Can Relieve Disorganization, Distraction and Confusion in Infosec

clar·i·ty /ˈklerədē/ _noun _the quality of being coherent and intelligible. "For the sake of clarity, each of these strategies is dealt with separately" synonyms: | lucidity, lucidness, clearness, perspicuity, intelligibility, comprehensibility, coherence;More ---|--- It’s been three...

MySQL User-Defined (Linux) x32 / x86_64 sys_exec Privilege Escalation

...

MySQL User-Defined (Linux) (x86) - 'sys_exec' Local Privilege Escalation

...

MySQL User-Defined (Linux) (x32x86_64) - sys_exec Local Privilege Escalation

MySQL User-Defined (Linux) (x32x86_64) - sys_exec Local Privilege...

MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation Exploit

Exploit for linux platform in category local...

MySQL User-Defined (Linux) x32 / x86_64 sys_exec Local Privilege Escalation

...

How Web Apps Can Turn Browser Extensions Into Backdoors

Researchers have added another reason to be suspicious of web browser extensions. According to a recently published academic report, various Chrome, Firefox and Opera browser extensions can be compromised by an adversary that can steal sensitive browser data and plant arbitrary files on targeted...

Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool

Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or...

Taking a page from the kernel's book: A TLB issue in mremap()

Posted by Jann Horn, Project Zero This is a technical blog post about TLB flushing bugs in kernels, intended for people interested in kernel security and memory management. Introduction: Bugs in Memory Management code There have been some pretty scary bugs in memory management in the past,...

Weak Encryption

The DES and Triple-DES ciphers are vulnerable to birthday attacks, allowing a malicious user to decrypt and obtain cleartext data faster than a standard brute-force...

Side-channel Attack

GnuPG is vulnerable to side-channel attacks. An attacker in close physical range to the target system is able to decrypt ciphertexts using acoustic cryptanalysis to recover the RSA secret key belonging to the...

Ryuk ransomware attacks businesses over the holidays

While families gathered for food and merriment on Christmas Eve, most businesses slumbered. Nothing was stirring, not even a mouse—or so they thought. For those at Tribune Publishing and Data Resolution, however, a silent attack was slowly spreading through their networks, encrypting data and...

unCAPTCHA AI Cracks Google reCAPTCHAs with 90% Accuracy

unCAPTCHA, an artificial intelligence-based automated system designed at the University of Maryland, has been updated to break Google’s latest audio-based reCAPTCHA challenges with an accuracy rate of 90 percent. Google has been working on refining and strengthening reCAPTCHA for years, a Turing...

Long-Range Familial Searching Forensics

Good article on using long-range familial searching -- basically, DNA matching of distant relatives -- as a police forensics tool. EDITED TO ADD (1/5): A smattering of papers on the...

Malware Attack Crippled Production of Major U.S. Newspapers

A malware attack targeting Tribune Publishing Co. crippled the printing and deliveries of several major newspapers across the U.S. this weekend – including the Los Angeles Times and Wall Street Journal. The virus impacted computer systems of Tribune Publishing Co., which publishes an array of...

Searching statically-linked vulnerable library functions in executable code

Helping researchers find 0ld days Posted by Thomas Dullien, Project Zero Executive summary Software supply chains are increasingly complicated, and it can be hard to detect statically-linked copies of vulnerable third-party libraries in executables. This blog post discusses the technical details...

Buffer overflow

Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 allow an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung....

Input validation

Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due...