Our PR team awarded me the “The Best Positive Speaker 2025” metal pin for public speaking, articles, and media commentary

Our PR team awarded me the “The Best Positive Speaker 2025” metal pin for public speaking, articles, and media commentary. Huge thanks to my colleagues for this! I’m very pleased. 😇 The collection is growing. 😉 This time, the pin is styled like the Friends sitcom logo. It’s made of metal, coated...

EUVD-2022-53441

Malicious code in bioql PyPI...

CVE-2025-38715

In the Linux kernel, the following vulnerability has been resolved: hfs: fix slab-out-of-bounds in hfsbnoderead This patch introduces isbnodeoffsetvalid method that checks the requested offset value. Also, it introduces checkandcorrectrequestedlength method that checks and correct the requested...

CVE-2022-32244

Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve non-personal system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network ...

A Comment on "E-PoS: Making PoS Decentralized and Fair"

Proof-of-Stake PoS is a prominent Sybil control mechanism for blockchain-based systems. In "e-PoS: Making PoS Decentralized and Fair," Saad et al. TPDS'21 introduced a new Proof-of-Stake protocol, e-PoS, to enhance PoS applications' decentralization and fairness. In this comment paper, we address...

Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats

When CVEs go viral, separating critical vulnerabilities from the noise is essential to protecting your organization. That's why Intruder, a leader in attack surface management, built Intel now known ascvemon - a free vulnerability intelligence platform designed to help you act fast and prioritize...

CVE-2022-32244

Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve non-personal system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network ...

CVE-2022-32244

Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve non-personal system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network ...

CVE-2022-32244

Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve non-personal system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network ...

Authentication flaw

Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve non-personal system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network ...

CVE-2022-32244

CVE-2022-32244 describes an authentication-related issue in SAP BusinessObjects BI Platform where an attacker authenticated as a CMS administrator can access and modify data in the BOE Commentary database. Under certain conditions and with high-privilege access on the same physical/logical networ...

CVE-2022-32244

Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve non-personal system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network ...

SAP BusinessObjects Business Intelligence Platform 4.2 < 4.2 SP9 P9 / 4.3 < 4.3 SP2 P5 Multiple Vulnerabilities

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to 4.2 SP9 P9, 4.3 SP2 P5 or 4.3 SP3. It is, therefore, affected by multiple vulnerabilities vulnerabilities: - An unauthenticated, remote attacker can view any data available for a...

Vulnerability in the Kaspersky Password Manager

A vulnerability just patched in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic...

Fast Random Bit Generation

Science has a paper and commentary on generating 250 random terabits per second with a laser. I dont know how cryptographically secure they are, but that can be cleaned up with something like Fortuna. EDITED TO ADD 3/12: Here are free versions of the paper and the commentary...

openSUSE Security Update : java-11-openjdk (openSUSE-2019-2557)

This update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues : Security issues fixed October 2019 CPU bsc1154212: - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Bett...

Hacking the GCHQ Backdoor

Last week, I evaluated the security of a recent GCHQ backdoor proposal for communications systems. Furthering the debate, Nate Cardozo and Seth Schoen of EFF explain how this sort of backdoor can be detected: In fact, we think when the ghost feature is active­ -- silently inserting a secret...

Congressional Report on the 2017 Equifax Data Breach

The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It's a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this. Here is my...

Cybersecurity and the 2017 US National Security Strategy

Commentaries on the 2017 US national security strategy by Michael Sulmeyer and Ben Buchanan...

The grugq on Reality Winner, the Intercept, and OPSEC

Good commentary...