Towards a Formal Verification of Secure Vehicle Software Updates

With the rise of software-defined vehicles SDVs, where software governs most vehicle functions alongside enhanced connectivity, the need for secure software updates has become increasingly critical. Software vulnerabilities can severely impact safety, the economy, and society. In response to this...

CVE-2024-29209

A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and...

Auto DNS registration by PVS Targets blocked by "Secure Updates Only" DNS setting

Auto DNS registration by PVS Targets blocked by "Secure Updates Only " DNS setting, plustheir timestamp in DNS showed "static "...

Modern OSs for embedded systems

At Kaspersky Lab we analyze the technologies available on cybersecurity market and this time we decided to look at what OS developers are offering for embedded systems or, in other words, the internet of things. Our primary interest is how and to what degree these OSs can solve...

CVE-2016-1520

The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application...

BlockUpdatesOnHotpatch

Primarily build to block .NET non sec on GE Hotpatch but can be applied on any update that's not expected on the same product...