Buffer overflow in SmallVec::insert_many
A bug in the SmallVec::insert_many method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap. This bug was only triggered if the iterator passed to insert_many yielded more items than the...
New Year, New Ransomware: Babuk Locker Targets Large Corporations
Only a few days into the new year, one of the first new ransomware strains of 2021 has been discovered. Dubbed Babuk Locker, the ransomware appears to have successfully compromised five companies thus far, according to new research. The research author, Chuong Dong, a computer science student at...
Georgia Tech Data Breach Exposes 1.3 Million Users' Personal Data
The Georgia Institute of Technology, well known as Georgia Tech, has confirmed a data breach that has exposed personal information of 1.3 million current and former faculty members, students, staff and student applicants. In a brief note published Tuesday, Georgia Tech says an unknown outside...
Side-Channel PoC Attack Lifts Private RSA Keys from Mobile Phones
Researchers have developed a proof-of-concept side-channel attack that allows them to pull encryption keys from a single decryption for a modern version of OpenSSL. The attack impacts mobile devices — without physical access to the handsets. A group of researchers at Georgia Tech were able to...
Android Overlay and Accessibility Features Leave Millions at Risk
University researchers are warning that two features, not flaws, core to Google’s Android mobile operating system can be used together to launch clickjacking attacks to gain control of a target’s phone. The discovery was made by researchers at Georgia Institute of Technology, who call the researc...
TCP Vulnerability Haunts Wind River VxWorks Embedded OS
There is a TCP prediction vulnerability in Wind River’s widely deployed VxWorks embedded software that can enable an attacker to disrupt or spoof the TCP connections to and from target devices. VxWorks is an embedded operating system that’s used in a large number of ICS products that are deployed...
Bad casting from the BasicThebesLayer to BasicContainerLayer — Mozilla
Security researchers Byoungyoung Lee, Chengyu Song, and Taesoo Kim at the Georgia Tech Information Security Center (GTISC) reported a bad casting from the BasicThebesLayer to BasicContainerLayer, resulting in undefined behavior. This behavior is potentially exploitable with some compilers but no...
SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8491)
Mozilla Firefox has been updated to the 17.0.10ESR release, which fixes various bugs and security issues : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory...
Use-after-free when updating offline cache — Mozilla
Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash...
Yahoo! Announces Hack U™ Spring 2011 Series!
Yahoo! is proud to announce the Hack U™ Spring 2011 calendar of events. Join Yahoo! web experts for a week of learning, hacking and fun! You'll hear interesting tech talks, hacking tips and lessons, and get hands-on coding workshops where you'll work with cutting-edge technology. The week's event...
Georgia Tech SQL Injection
Georgia Tech Multiple SQL Injection Vulnerabilities. Disclosure by: cats. Domain: gatech.edu. Contents: 1 Description; 2 Extracted sample data; 3 Vulnerabilities and details. 1 Description: A large amount of vulnerabilities have been found in just about...
Short Passwords Open To Brute Force Attacks
A password of less than seven characters will soon be “hopelessly inadequate” even if it contains symbols as well as alphanumerical characters, according to computer scientists at the Georgia Tech Research Institute. The Register...
Kraken-Based Botnet Makes A Comeback
Since April, a son-of-Kraken botnet has infected an estimated 318,058 machines – about half as big as the original Kraken was at its height in the middle of 2008, according to Paul Royal, a research scientist at the Georgia Tech Information Security Center. The Register...
Spam, phishing and online scams: A network view
In this Google Tech Talk, Nick Feamster, an assistant professor at Georgia Tech, dives into the murky world of phishing and online scams as they relate to the epidemic of spam...