EUVD-2010-1151

Malware in sbrugna...

CVE-2010-1120

Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010...

General Motors GM Vulnerability Disclosure Program

General Motors’ new vulnerability disclosure program puts it alongside Tesla as the only major automakers with a mechanism for security researchers to report flaws. Unlike Tesla’s program, however, GM’s does not offer a monetary reward. GM launched its program last week via the HackerOne platform...

Dennis Fisher and Mike Mimoso on the Ashley Madison Breach and the Wyndham Data Breach Decision

Dennis Fisher and Mike Mimoso discuss the quasi-interesting fallout from the Ashley Madison hack, the appeals court decision about the Wyndham data breaches, and Charlie Miller leaving Twitter. Download: digitalunderground217.mp3 Music by Chris Gonsalves...

Cyber UL Could Become Reality Under Leadership of Hacker Mudge

UPDATE–One of the longstanding problems in security–and the software industry in general–is the lack of any universally acknowledged authority on quality and reliability. But the industry moved one step closer to making such a clearinghouse a reality this week when Peiter Zatko, a longtime...

Harman-Kardon Uconnect Vulnerability

OVERVIEW This advisory is a follow-up to the ICS-ALERT titled ICS-ALERT-15-203-01 FCA Uconnect VulnerabilityICS-CERT ALERT, https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-203-01, web site last accessed September 17, 2015. that was published July 22, 2015, on the NCCIC/ICS-CERT web site. Chris...

Podcast: Threatpost Previews Black Hat 2014

In this special edition of the Digital Underground Podcast, Dennis Fisher interviews fellow Threatpost editor Mike Mimoso and also Threatpost reporter Brian Donohue about the Black Hat security conference, which begins this week in Las Vegas. Topics of discussion include Chris Valasek and Charlie...

How to Fail at Black Hat

Every summer, the hacker intelligentsia descends on Las Vegas like a swarm of thirsty locusts that spends seven days chasing free drinks and avoiding sunlight at all costs. Black Hat and DEF CON week can be an overwhelming and confusing experience, especially for the uninitiated or agoraphobic. B...

Groundbreaking Cyber Fast Track Research Program Ending

VANCOUVER–When Peiter Zatko, the security researcher and pioneering hacker known as Mudge, joined the federal government several years ago to help run a DARPA research program, some in the security industry wondered what effect someone with his background could have in an organization as famously...

Moxie Marlinspike Leaving Twitter Security Team

Twitter has been collecting a lot of security talent in the last year or so, but now a major piece of the company’s security team is leaving. Moxie Marlinspike, the creative security and privacy researcher who founded Whisper Systems, which was acquired by Twitter in 2011, said on Friday that he ...

Researcher Charlie Miller Joins Twitter Security Team

Twitter quietly is assembling a serious security team, with the most recent addition being Charlie Miller, the security researcher known for finding a long line of bugs in the iPhone and other Apple products. Miller, a respected and prolific researcher, will join the social network’s security tea...

Charlie Miller Takes on NFC, Charlie Miller Wins

LAS VEGAS–Do not stand near Charlie Miller. Actually, you might not even want to let him walk past you. It’s not that Miller is a bad person, you understand. The problem is that Miller has figured out a couple of methods that enable him–or an attacker–to use the NFC chip in some phones to exploit...

Researchers bypass Google Bouncer Android Security

Researchers bypass Google Bouncer Android Security Google's Android platform has become the most popular mobile operating system both among consumers and malware writers, and the company earlier this year introduced the Bouncer system to look for malicious apps in the Google Play market. Bouncer,...

Think Safer

Not even a techno-religion is immune from security snafus, as the folks at Apple are steadily discovering. After years of watching the bad guys use crimeware kits like Zeus against Microsoft, the iGang finally got a malware construction tool to call its own in May of this year. Modeled on the...

Charlie Miller now working with DoD for Cyber Security

Charlie Miller is a former hacker who has become an information security consultant now working with Department of Defense DoD for helping out with cyber security. He was invited to the conference on cyber conflict held by the NATO Cooperative Cyber Defense Center of Excellence in Tallinn, where ...

Charlie Miller now working with DoD for Cyber Security

Charlie Miller is a former hacker who has become an information security consultant now working with Department of Defense DoD for helping out with cyber security. He was invited to the conference on cyber conflict held by the NATO Cooperative Cyber Defense Center of Excellence in Tallinn, where ...

Apple Releases iOS Patch Fixing Flaw That Led to Charlie Miller's Expulsion

Apple shipped an update to their IOS mobile platform on Thursday that included patches for a number of security vulnerabilities, including a resolution for a vulnerability that led to the expulsion of renowned security researcher, Charlie Miller, from Apple’s developer program. As reported by...

Apple OS X Sandbox Predefined Profiles Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Apple OS X Sandbox Predefined Profiles Bypass 1. Advisory Information Title: Apple OS X Sandbox Predefined Profiles Bypass Advisory ID: CORE-2011-0919 Advisory URL:...

Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw

Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw A major security flaw in Apple's iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert "Charlie Miller "...

Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw

Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw A major security flaw in Apple's iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert "Charlie Miller "...