Books & Papers Security Vulnerabilities

[spring] 2023-03-23 12:00 AM
A Bootiful Podcast: Mark Thomas, Apache Tomcat contributor extraordinaire
Hi, Spring fans! Welcome to another installment of A Bootiful Podcast! In this installment, Josh Long talks to longtime Apache Tomcat contributor extraordinaire Mark Thomas. I wrote a free white paper on using Spring Boot 3 AOT and GraalVM. Learn the secrets to working with Spring Boot 3 and...
AI Score: 6.8

[spring] 2023-03-21 12:00 AM
This Week in Spring - March 21st, 2023
Hi, Spring fans! Welcome to another rip-roaring installment of This Week in Spring! It's March 21st and today they announced Java 20! It's an exciting time to be a Java developer. Java 20, of course, is just another amazing installment before Java 21, which comes out in six short months, including....
CVSS: 7.5 | AI Score: 6.6 | EPSS: 0.001

[spring] 2023-03-16 12:00 AM
A Bootiful Podcast: Spring Batch lead Mahmoud Ben Hassine on the latest and greatest in 2023
Hi, Spring fans! Welcome to another installment of A Bootiful Podcast! In this installment, Josh Long (@starbuxman) talks to Spring Batch lead Mahmoud Ben Hassine (@FMBENHASSINE) about the latest and greatest in Spring Batch. Notes: Submit your talk to SpringOne@Explore, being held August 21-24,...
AI Score: 0.6

[schneier] 2023-03-14 04:01 PM
How AI Could Write Our Laws
Nearly 90% of the multibillion-dollar federal lobbying apparatus in the United States serves corporate interests. In some cases, the objective of that money is obvious. Google pours millions into lobbying on bills related to antitrust regulation. Big energy companies expect action whenever there...
AI Score: 0.2

[talosblog] 2023-03-13 12:00 PM
Researcher Spotlight: How David Liebenberg went from never having opened Terminal to hunting international APTs
When Dave Liebenberg started his first day at Talos, he had never even opened Terminal on a Mac before -- let alone written a Snort rule or infiltrated a dark web forum. He jokes that he was a trendsetter at Talos, becoming the first of many to break into security without having any prior...
AI Score: 6.4

[githubexploit] 2023-03-09 09:29 PM
Exploit for Use After Free in Linux Linux Kernel
CVE-2022-2588 The fix The bug is fixed in Linux v5.19 by...
CVSS: 7.8 | AI Score: 6.9 | EPSS: 0.001

[trellix] 2023-03-07 12:00 AM
Qakbot Evolves to OneNote Malware Distribution
By Pham Duy Phuc, John Fokker J.E., Alejandro Houspanossian and Mathanraj Thangaraju · March 07, 2023. This blog was also written by Raghav Kapoor. Qakbot (aka QBot, QuakBot, and Pinkslipbot) is a sophisticated piece of malware that has been active...
AI Score: 8

[trellix] 2023-03-07 12:00 AM
Qakbot Evolves to OneNote Malware Distribution
By Pham Duy Phuc, Raghav Kapoor, John Fokker J.E., Alejandro Houspanossian and Mathanraj Thangaraju · March 07, 2023. Qakbot (aka QBot, QuakBot, and Pinkslipbot) is a sophisticated piece of malware that has been active since at least 2007. Since the...
AI Score: 0.3

[thn] 2023-03-06 08:30 AM
Experts Discover Flaw in U.S. Govt's Chosen Quantum-Resistant Encryption Algorithm
A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The exploit relates to "side-channel attacks on up to the fifth-order masked...

[filippoio] 2023-03-03 03:30 PM
Avoid The Randomness From The Sky
This is a plea for cryptography specification authors. If your protocol uses randomness, please make it a deterministic function that takes a fixed-size string of random bytes, and publish known-answer tests for it. This whole issue could really be just the paragraph above, but I feel like I need.....
AI Score: 6.4

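The design rule in the entry above, applied to a concrete primitive, as an added example (this is not Filippo Valsorda's code and not from any specification): a rejection-sampled scalar in [1, q). The "randomness from the sky" version reads from the OS inside the primitive, so no two runs can be compared and no known-answer test can pin it; the deterministic version takes exactly one fixed-size random string and is a pure function of it. The modulus Q, the HMAC-SHA256 counter-mode expander and the function names are my choices for illustration.

```python
"""Added example: deterministic randomness with a fixed-size seed vs. OS randomness
pulled inside the primitive. Not code from the post or any library."""
import hashlib
import hmac
import os

# Toy group order (the secp256k1 order, chosen only as a realistic-size modulus).
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
SEED_LEN = 32  # the one fixed-size random input the spec would define


def scalar_from_sky(q: int = Q) -> int:
    """The pattern the post argues against: the primitive itself calls os.urandom,
    possibly several times, so the output is not a function of any input and a
    spec cannot publish a known answer for it."""
    while True:
        candidate = int.from_bytes(os.urandom(32), "big")
        if 1 <= candidate < q:
            return candidate


def expand(seed: bytes, counter: int) -> bytes:
    """Deterministic expansion of the seed (HMAC-SHA256 in counter mode, an
    assumption for this example). Every rejection-sampling retry draws from
    here, never from the OS, so the seed alone fixes the result."""
    return hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()


def scalar_from_seed(seed: bytes, q: int = Q) -> int:
    """The recommended shape: exactly SEED_LEN random bytes in, scalar out,
    as a pure map. Same seed, same scalar, on every implementation."""
    if len(seed) != SEED_LEN:
        raise ValueError(f"seed must be exactly {SEED_LEN} bytes, got {len(seed)}")
    counter = 0
    while True:
        candidate = int.from_bytes(expand(seed, counter), "big")
        if 1 <= candidate < q:
            return candidate
        counter += 1  # rejected: take the next expander block, deterministically


def check_kat(seed_hex: str, expected_hex: str) -> bool:
    """Known-answer test in the shape a spec can publish: seed -> expected scalar.
    The expected value must come from an independent implementation; none is
    hard-coded here because this example has no second implementation."""
    return scalar_from_seed(bytes.fromhex(seed_hex)) == int(expected_hex, 16)


def generate(q: int = Q) -> int:
    """The only place randomness enters: one fixed-size read, then the pure map."""
    return scalar_from_seed(os.urandom(SEED_LEN), q)


if __name__ == "__main__":
    seed = os.urandom(SEED_LEN)
    print("seed:", seed.hex())
    print("scalar:", hex(scalar_from_seed(seed)))
    print("reproducible:", scalar_from_seed(seed) == scalar_from_seed(seed))
```

With this shape, a test vector is just a (seed, scalar) pair, and a bug in the expander or in the rejection loop shows up as a KAT mismatch instead of a statistical anomaly nobody notices.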
[schneier] 2023-02-06 11:02 AM
Attacking Machine Learning Systems
The field of machine learning (ML) security--and corresponding adversarial ML--is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data. It's a heady time; because we know so little about the security of these systems, there are many...

[code423n4] 2023-02-03 12:00 AM
Split vulnerable to preimage attack
Lines of code Vulnerability details Impact A motivated attacker could invest the resources to craft a malicious SplitsReceiver to steal all of a user's pending funds. Proof of Concept This is a non-practical implementation of the attack, but shows by extending the SplitsReceiver array by any...
AI Score: 6.7

[malwarebytes] 2023-01-23 02:00 PM
Key takeaways from Malwarebytes 2023 State of Mobile Cybersecurity
The results of our latest survey on mobile cybersecurity in K-12 and hospitals are in--and it's not all peaches and roses. When we talk about endpoint protection, it's only natural to only think about the most commonly compromised endpoints like work laptops and servers--but your smartphone isn't.....
AI Score: 0.6

[malwarebytes] 2023-01-17 05:00 AM
University suffers leaks, shutdowns at the hands of Vice Society
The Vice Society ransomware gang is back and making some unfortunate waves in the education sector. According to Bleeping Computer, the Society has held their ransomware-laden hands up and admitted an attack on the University of Duisburg-Essen. Sadly this isn't the University's first encounter...
AI Score: 0.1

[malwarebytes] 2023-01-12 03:00 AM
5 must-haves for K-12 cybersecurity
Over the years, cyberattacks on K-12 schools and districts have steadily increased, and in 2022 that trend only continued. In the first half of 2022 alone, the education sector saw an average of almost 2,000 attacks every week--a 114% increase compared to two years ago. The tight budgets of many...
AI Score: -0.6

[taosecurity] 2023-01-08 03:00 PM
Happy 20th Birthday TaoSecurity Blog
Happy 20th birthday, TaoSecurity Blog, born on 8 January 2003. Thank you, Blogger. Blogger (now part of Google) has continuously hosted this blog for 20 years, for free. I'd like to thank Blogger and Google for providing this platform for two decades. It's tough to find extant self-hosted security...
AI Score: -0.7

[rapid7blog] 2023-01-05 02:49 PM
Year in Review: Rapid7 Cybersecurity Research
Welcome to 2023, a year that sounds so futuristic it is hard to believe it is real. But real it is, and make no mistake, threat actors are still out there, working hard to get into networks the world over. So, at the start of the new year, I am reminded of two particular phrases: Those who do not.....
AI Score: -0.4

[schneier] 2023-01-03 05:38 PM
Breaking RSA with a Quantum Computer
A group of Chinese researchers have just published a paper claiming that they can--although they have not yet done so--break 2048-bit RSA. This is something to take seriously. It might not be correct, but it's not obviously wrong. We have long known from Shor's algorithm that factoring with a...
AI Score: -0.6

[rapid7blog] 2022-12-27 06:42 PM
The 2022 Naughty and Nice List
It's the holiday season when children all over the world cross their fingers in the hope that they don't end up on a certain red-clad big man's naughty list. Turns out, we at Rapid7 have a similar tradition, only we're the ones making the list and there's a whole lotta naughty going on (not like...
AI Score: -0.5

[veracode] 2022-12-27 01:15 PM
Denial Of Service (DoS)
bluez-firmware is vulnerable to denial of service (DoS) attacks. The library does not properly handle the reception of continuous unsolicited LMP responses, allowing an attacker in radio range to trigger a denial of service and restart the device by flooding it with LMP_AU_Rand packets after the...
CVSS: 6.5 | AI Score: 6 | EPSS: 0.001

[veracode] 2022-12-27 01:14 PM
Denial Of Service (DoS)
bluez-firmware is vulnerable to denial of service (DoS) attacks. The library does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing an attacker to exhaust device BT resources and eventually trigger a crash...
CVSS: 6.5 | AI Score: 6.3 | EPSS: 0.001

[veracode] 2022-12-27 01:14 PM
Denial Of Service (DoS)
bluez-firmware is vulnerable to denial of service (DoS) attacks. The library does not properly handle the reception of LMP_max_slot with a greater ACL length after completion of the LMP setup procedure, allowing an attacker in radio range to trigger a denial of service via a crafted LMP...
CVSS: 6.5 | AI Score: 5.9 | EPSS: 0.001

[rapid7blog] 2022-12-21 02:00 PM
Never Mind the Ears, Here's Security Nation
It's another year down and another season down for Security Nation. With the close of our fifth season, I wanted to take a minute here to reflect on who we spoke with and what we talked about. The show titles focus (as you would expect) on the individual interview subjects, but there's a bunch of.....
AI Score: -0.4

[githubexploit] 2022-12-17 04:45 PM
Exploit for Race Condition in Apple Safari
Get root on macOS 13.0.1 with...
AI Score: 7

[mmpc, also listed under mssecure] 2022-12-12 05:00 PM
IIS modules: The evolution of web shells and how to detect them
Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector or mechanism of persistence. Monitoring for...

[malwarebytes] 2022-12-08 12:45 PM
Apple's AirTag stalker safeguards are "woefully inadequate," alleges lawsuit
Two women filed a proposed class-action lawsuit on Monday, December 5, in the United States District Court for the Northern District of California against Apple, the makers of AirTags. AirTags are small Bluetooth-enabled devices designed to track personal belongings. The suit accuses the company....

[schneier] 2022-12-07 12:04 PM
The Decoupling Principle
This is a really interesting paper that discusses what the authors call the Decoupling Principle: The idea is simple, yet previously not clearly articulated: to ensure privacy, information should be divided architecturally and institutionally such that each entity has only the information they...
AI Score: 1.6

[kitploit] 2022-11-22 11:30 AM
Stegowiper - A Powerful And Flexible Tool To Apply Active Attacks For Disrupting Stegomalware
Over the last 10 years, many threat groups have employed stegomalware or other steganography-based techniques to attack organizations from all sectors and in all regions of the world. Some examples are: APT15/Vixen Panda, APT23/Tropic Trooper, APT29/Cozy Bear, APT32/OceanLotus, APT34/OilRig,...
AI Score: 1.5

[schneier] 2022-11-10 03:18 PM
An Untrustworthy TLS Certificate in Browsers
The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy: Google's Chrome, Apple's Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what's known as a root certificate authority, a powerful spot in the...
AI Score: 2.8

[thn] 2022-11-10 07:30 AM
Re-Focusing Cyber Insurance with Security Validation
The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases. Some Akin Gump...
AI Score: -0.1

[thn] 2022-11-07 02:46 PM
This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others
Facebook appears to have silently rolled out a tool that allows users to remove their contact information, such as phone numbers and email addresses, uploaded by others. The existence of the tool, which is buried inside a Help Center page about "Friending," was first reported by Business Insider...
AI Score: -0.6

[mssecure, also listed under mmpc] 2022-11-03 04:00 PM
Identifying cyberthreats quickly with proactive security testing
The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Matthew Hickey,...
AI Score: -0.7

[thn] 2022-10-22 05:42 AM
Critical Flaw Reported in Move Virtual Machine Powering the Aptos Blockchain Network
Researchers have disclosed details about a now-patched critical flaw in the Move virtual machine that powers the Aptos blockchain network. The vulnerability "can cause Aptos nodes to crash and cause denial of service," Singapore-based Numen Cyber Labs said in a technical write-up published earlier....
AI Score: 3.2

[malwarebytes] 2022-10-19 07:45 PM
Ransomware attack freezes newspaper printing system
Several German newspapers were left unable to release printed versions of their papers after a ransomware attack affected their printing systems. Speaking to BleepingComputer, Uwe Ralf Heer, editor-in-chief of Heilbronn Stimme, said the attack hit the entire Stimme Mediengruppe media group, which.....
AI Score: 1.4

[schneier] 2022-10-14 02:08 PM
Regulating DAOs
In August, the US Treasury's Office of Foreign Assets Control (OFAC) sanctioned the cryptocurrency platform Tornado Cash, a virtual currency "mixer" designed to make it harder to trace cryptocurrency transactions--and a worldwide favorite money-laundering platform. Americans are now forbidden from....
AI Score: -0.2

[nuclei] 2022-10-13 11:18 PM
Intel Active Management - Authentication Bypass
Intel Active Management platforms are susceptible to authentication bypass. A non-privileged network attacker can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability. A non-privileged local attacker can provision....
CVSS: 9.8 | AI Score: 7.1 | EPSS: 0.974

[msrc] 2022-10-13 02:00 PM
BlueHat 2023 Call for Papers is Now Open!
For nearly 20 years, BlueHat has been where the security research community and Microsoft security professionals come together as peers, to share, debate, challenge, learn, and exchange ideas in the interest of creating a safer and more secure world for all. We are extremely excited to announce...
AI Score: 2

[impervablog] 2022-10-11 01:30 PM
Why a Resilient Content Delivery Network (CDN) is Key to Website Performance
Today's online users have built-up certain standards of quality when visiting a website. They expect a high performance website with fast page load times and easily accessible, fresh and dynamic content. They also expect to enjoy a seamless and secure experience without downtime or limitations to.....
AI Score: 0.2

[cvelist, also listed under cve] 2022-10-03 04:23 PM
CVE-2002-2212
The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed...
AI Score: 6.8 | EPSS: 0.004

[cvelist, also listed under cve] 2022-10-03 04:23 PM
CVE-2002-2213
The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed...
AI Score: 6.8 | EPSS: 0.004

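The two entries above (CVE-2002-2212 and CVE-2002-2213) describe the same mechanism: a resolver that keeps many outstanding queries for one resource record hands the attacker many transaction IDs to hit per spoofed reply instead of one. The Python below, an added example that is not part of either CVE record or of any vendor's material, quantifies that under a simple model I state in the docstring (distinct IDs on the outstanding queries, uniformly random IDs on the spoofed replies, spoofed replies arriving before the genuine answer). The ID-space constants, including the 16 extra bits assumed for source-port randomisation, are mine.

```python
"""Added example: success odds of the DNS birthday attack the CVE entries describe,
with and without a randomised source port. Not code from the CVE records."""
import math

TXID_SPACE = 1 << 16            # 16-bit DNS transaction ID
TXID_PLUS_PORT_SPACE = 1 << 32  # assumption: 16 extra bits from a random source port


def spoof_success_probability(open_queries: int, spoofed_replies: int,
                              id_space: int = TXID_SPACE) -> float:
    """P(at least one spoofed reply matches an outstanding query).

    Model (an assumption for this example): the open_queries outstanding
    queries carry distinct IDs, each spoofed reply carries an independent,
    uniformly random ID, and a matching spoofed reply beats the real answer.
    Under that model each reply misses with probability 1 - N/space.
    """
    if not 0 <= open_queries <= id_space:
        raise ValueError("open_queries must lie in [0, id_space]")
    if spoofed_replies < 0:
        raise ValueError("spoofed_replies must be non-negative")
    p_miss_one = 1.0 - open_queries / id_space
    return 1.0 - p_miss_one ** spoofed_replies


def replies_needed(open_queries: int, target: float = 0.5,
                   id_space: int = TXID_SPACE) -> int:
    """Fewest spoofed replies that reach the target success probability."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be a probability strictly between 0 and 1")
    if not 0 < open_queries <= id_space:
        raise ValueError("need at least one outstanding query")
    p_hit_one = open_queries / id_space
    if p_hit_one >= 1.0:
        return 1
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - p_hit_one))


def port_randomisation_gain(open_queries: int, spoofed_replies: int) -> float:
    """Ratio of attack success with a 16-bit ID alone vs. ID plus random port,
    for the same number of outstanding queries and spoofed replies."""
    weak = spoof_success_probability(open_queries, spoofed_replies, TXID_SPACE)
    strong = spoof_success_probability(open_queries, spoofed_replies,
                                       TXID_PLUS_PORT_SPACE)
    return weak / strong


if __name__ == "__main__":
    # Constructed scenarios: one outstanding query (the classic case) vs. the
    # "large number of open queries for the same RR" the CVEs describe.
    for n, m in ((1, 300), (300, 300), (1, 45000), (300, 1000)):
        p16 = spoof_success_probability(n, m)
        p32 = spoof_success_probability(n, m, TXID_PLUS_PORT_SPACE)
        print(f"open={n:4d} spoofed={m:6d}  P(txid only)={p16:.4f}  "
              f"P(txid+port)={p32:.2e}")
    print("replies for 50% with 1 open query:  ", replies_needed(1))
    print("replies for 50% with 300 open queries:", replies_needed(300))
```

The asymmetry is the whole point of the advisory: with a single outstanding query the attacker needs tens of thousands of spoofed replies for even odds, while a resolver that lets a few hundred identical queries stay open collapses that to a few hundred replies. Adding 16 bits of source-port entropy restores the margin even for a resolver that still has the multiple-outstanding-query behaviour.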
[cvelist, also listed under cve] 2022-10-03 04:23 PM
CVE-2002-2437
The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited...
AI Score: 6 | EPSS: 0.003

[cvelist] 2022-10-03 04:23 PM
CVE-2017-1000417
MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g., in the ExtKeyUsage extension) on X.509...
AI Score: 5.4 | EPSS: 0.001

[cvelist] 2022-10-03 04:23 PM
CVE-2017-1000415
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates having their expiration (beginning) year extended (delayed) by 100...
AI Score: 5.8 | EPSS: 0.001

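The two MatrixSSL entries above (CVE-2017-1000417 and CVE-2017-1000415) are both X.509 parsing pitfalls, so one added example covers them. This is my code, not MatrixSSL's, and it does not reproduce MatrixSSL's actual logic: the collision-prone comparison is modelled, by assumption, as matching a byte-sum fingerprint of the DER OID rather than the encoding itself, which is enough to show why any lossy OID match lets one OID stand in for another in ExtKeyUsage. The two OIDs used are the standard id-kp-serverAuth and id-pe-qcStatements values, chosen because their encodings differ only in the order of the last two arcs. The UTCTime parser implements the RFC 5280 century rule (YY >= 50 means 19YY, otherwise 20YY), the pivot at which a wrong range check moves a date by exactly a century.

```python
"""Added example: exact vs. collision-prone OID comparison, and UTCTime parsing
with the RFC 5280 century pivot. Not MatrixSSL code."""
import datetime

# Two real OIDs whose DER encodings are byte-permutations of each other.
ID_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"    # TLS server authentication (EKU purpose)
ID_PE_QC_STATEMENTS = "1.3.6.1.5.5.7.1.3"  # qcStatements extension (RFC 3739)


def encode_oid(dotted: str) -> bytes:
    """DER content octets of an OBJECT IDENTIFIER (tag and length not included)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"not a valid OID: {dotted}")
    out = bytearray()
    for value in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]            # base-128 groups, lowest first...
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))
            value >>= 7
        out.extend(reversed(chunk))       # ...emitted big-endian, high bit on all but last
    return bytes(out)


def weak_oid_eq(a: bytes, b: bytes) -> bool:
    """Collision-prone comparison (assumed shape, for illustration): a byte-sum
    fingerprint. Any rearrangement of the same arc bytes compares equal."""
    return sum(a) == sum(b)


def strict_oid_eq(a: bytes, b: bytes) -> bool:
    """Correct comparison: the complete DER encoding, byte for byte."""
    return a == b


def grants_server_auth(eku_oids, eq=strict_oid_eq) -> bool:
    """Does an ExtKeyUsage list (DER OID content octets) contain id-kp-serverAuth?"""
    target = encode_oid(ID_KP_SERVER_AUTH)
    return any(eq(oid, target) for oid in eku_oids)


def parse_utctime(value: str) -> datetime.datetime:
    """RFC 5280 4.1.2.5.1: UTCTime is YYMMDDHHMMSSZ, interpreted as
    1950..2049 (YY >= 50 -> 19YY, otherwise 20YY). A wrong boundary here is
    exactly the 100-year shift the CVE entry describes."""
    if len(value) != 13 or value[-1] != "Z" or not value[:12].isdigit():
        raise ValueError(f"malformed UTCTime: {value!r}")
    yy = int(value[0:2])
    year = 1900 + yy if yy >= 50 else 2000 + yy
    return datetime.datetime(year, int(value[2:4]), int(value[4:6]),
                             int(value[6:8]), int(value[8:10]), int(value[10:12]),
                             tzinfo=datetime.timezone.utc)


def within_validity(not_before: str, not_after: str,
                    now: datetime.datetime) -> bool:
    """Validity-period check on UTCTime bounds (inclusive, as in RFC 5280)."""
    return parse_utctime(not_before) <= now <= parse_utctime(not_after)


if __name__ == "__main__":
    server_auth = encode_oid(ID_KP_SERVER_AUTH)
    qc = encode_oid(ID_PE_QC_STATEMENTS)
    print("serverAuth  :", server_auth.hex())
    print("qcStatements:", qc.hex())
    print("weak compare says equal  :", weak_oid_eq(server_auth, qc))
    print("strict compare says equal:", strict_oid_eq(server_auth, qc))
    print("UTCTime 491231235959Z ->", parse_utctime("491231235959Z").year)
    print("UTCTime 500101000000Z ->", parse_utctime("500101000000Z").year)
```

The practical check for either bug class is the same: feed the parser a certificate whose extension carries a deliberately permuted OID, or a notBefore of 49xxxx/50xxxx, and confirm that EKU matching and the validity window both reject it.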
Total number of security vulnerabilities: 3170