60 matches found
U.S. Dept Of Defense: Air Force candidate PII + recruitment chat logs accessible via BAC/IDOR on █████████ (very large/significant exposure)
A vulnerability was discovered in a Department of Defense-owned Salesforce asset that allowed unauthorized access to sensitive personal information of Air Force candidates. The vulnerability stemmed from a misconfiguration in the Document object, which permitted an attacker to retrieve a large...
U.S. Dept Of Defense: Publicly Editable U.S. Air Force Google Spreadsheet Exposing Student Leave Data
The U.S. Air Force Google Spreadsheet that exposed student leave data was publicly editable, allowing any unauthorized user to access and modify the restricted contents...
U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals
The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense,...
Drones and the US Air Force
Fascinating analysis of the use of drones on a modern battlefield--that is, Ukraine--and the inability of the US Air Force to react to this change. The F-35A certainly remains an important platform for high-intensity conventional warfare. But the Air Force is planning to buy 1,763 of the aircraft...
airforceschoolsulur.com Cross Site Scripting vulnerability OBB-3746987
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SafeGraph Lands US Air Force Contract After Targeting Abortion Clinics
Documents obtained by WIRED show SafeGraph, which sold location data related to Planned Parenthood visits, is now pursuing contracts with the US Air Force...
aseanairforce.org Cross Site Scripting vulnerability OBB-3295252
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The US Air Force Is Moving Fast on AI-Piloted Fighter Jets
After successful autonomous flight tests in December, the military is ramping up its plans to bring artificial intelligence to the skies...
Facebook Bans Pakistani and Syrian Hacker Groups for Abusing its Platform
Meta, the company formerly known as Facebook, announced Tuesday that it took action against four separate malicious cyber groups from Pakistan and Syria who were found targeting people in Afghanistan, as well as journalists, humanitarian organizations, and anti-regime military forces in the West...
Military’s RFID Tracking of Guns May Endanger Troops
Reports that the military has started outfitting firearms with RFID tags for tracking have raised security alarms. The concern: What if the enemy uses the tags to track soldiers on the battlefield? The Department of Defense, the Marines and the Navy have already rejected the RFID tagging tech for...
Pega Infinity patches authentication vulnerability
Security researchers came across a Pega Infinity vulnerability through participation in Apple’s bug bounty program, after focusing on vendors that supplied technology to Apple. By using Burp Suite—an integrated platform for performing security testing of web applications—the security researchers...
Military, Nuclear Entities Under Target By Novel Android Malware
Researchers have uncovered two novel Android surveillanceware families being used by an advanced persistent threat (APT) group to target military, nuclear and election entities in Pakistan and Kashmir. The two malware families, which researchers call “Hornbill” and “SunBird,” have sophisticated...
Facebook Ad Services Let Anyone Target US Military Personnel
Researchers warn that an advertising platform with categories like “Army” and “United States Air Force Security Forces” could be abused...
Behind Anduril’s Effort to Create an Operating System for War
The company, launched by Oculus cofounder Palmer Luckey, is building software to connect multiple Air Force systems—allowing officers to act more quickly...
CVE-2020-13995
U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable sBuffer leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DES_info or image_info...
Buffer overflow
U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable sBuffer leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DES_info or image_info...
CVE-2020-13995
CVE-2020-13995 affects the U.S. Air Force Sensor Data Management System extract75. The issue is a buffer overflow in a global variable (sBuffer) that can lead to a Write-What-Where condition. Writing beyond sBuffer can clobber global variables until reaching pointers like DES_info or image_info; ...
The Feds Want These Teams to Hack a Satellite—From Home
Meet the hackers who, this weekend, will try to commandeer an actual orbiter as part of a Defcon contest hosted by the Air Force and the Defense Digital Service...
The Air Force Ditches Its Nuclear Command Floppy Disks
A Samsung Galaxy 10 fingerprint goof, a Tor impostor, and more of the week's top security news...