Code injection
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an...
Design/Logic Flaw
In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification...
CVE-2018-11401
In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification...
CVE-2018-11401
CVE-2018-11401 concerns SimpliSafe Original. The issue, described in the NVD entry, is that RF interference from a physically proximate attacker (e.g., a strong 433.92 MHz signal) does not trigger a notification. The CVSSv3.0 vector (AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) yields a base score of 4.6...
Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2018-10982)
Microsoft Windows is a set of operating systems developed by Microsoft Corporation in the U.S. Windows uses a graphical mode GUI. An elevation of privilege vulnerability exists in the way the Microsoft Windows Kernel API executes privileges. An attacker could use this vulnerability to emulate a...
Perspectives on Russian hacking
Russia is an endlessly fascinating subject both in and around infosec. Recent years have shifted attention away from pure malware capabilities, to psyops, social engineering, and an endless slew of mind games designed to destabilize and keep nations ever-so-slightly off balance. Security firms in...
PCI DSS Compliance : Scan Interference
Interference from either the network or the host did not allow the scan to fulfill the PCI DSS scan validation requirements. This report is insufficient to certify this server. There may be a firewall, IDS or other software blocking Nessus from scanning. © Tenable Network Security, Inc...
January 17, 2017 – Morning Cyber Coffee Headlines – “Australian Open” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! January 17, 2018 - Headlines Carbon Black in the News: Confidence in legacy...
January 11, 2017 – Morning Cyber Coffee Headlines – “Chess” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! January 11, 2018 - Headlines Carbon Black in the News: The Underground Ransomwa...
Network Interference Detection Tool: ooniprobe
OONI, the Open Observatory of Network Interference, is a global observation network whose aim is to collect high quality data using open methodologies, using Free and Open Source Software (FL/OSS) to share observations and data about the various types, methods, and amounts of network tampering in...
Russian Propaganda Talks on Capitol Hill Thrust Cyber Espionage into the Public Eye
Leading tech executives from Google, Facebook, and Twitter returned to Capitol Hill on Wednesday for a second day of testimony as senators from both sides of the aisle took the companies to task for allegedly failing to defuse Russia's attempt to sway American voters ahead of the 2016 presidentia...
Rowhammer Attacks Come to MLC NAND Flash Memory
The Rowhammer attacks developed by Google more than two years ago put the focus on hardware front and center. That research allowed attackers to flip dynamic random access memory (DRAM) bits in order to induce those memory cells to change their state. Google’s research enabled kernel-level privileg...
Ukrainian Man Arrested, Charged in NotPetya Distribution
The Cyber Police of Ukraine arrested a suspect they allege distributed the destructive NotPetya/ExPetr malware resulting in the infection of 400 computers. NotPetya/ExPetr was the malware behind a massive global cyberattack that took place earlier this year. It infected computers worldwide with...
CVE-2017-7781
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an...
July 14, 2017 – Morning Cyber Coffee Headlines – “Bastille Day” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! July 14, 2017 - Headlines Carbon Black in the News: US Voters Consider Russia t...
June 23, 2017 – Morning Cyber Coffee Headlines – “Grizzly Bear” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! June 23, 2017 - Headlines Carbon Black in the News: Top 10 Endpoint Detection a...
NSA Document Outlining Russian Attempts to Hack Voter Rolls
This week brought new public evidence about Russian interference in the 2016 election. On Monday, the Intercept published a top-secret National Security Agency document describing Russian hacking attempts against the US election system. While the attacks seem more exploratory than operational --...
Trump Signs Cybersecurity Executive Order
President Trump today signed a long-delayed cybersecurity executive order that prioritizes the protection of federal networks and critical industries, and instructs agency heads to implement the NIST Framework for Improving Critical Infrastructure Cybersecurity. The order was to be signed in late...
Google, Jigsaw Partner on Free Tools to Secure Elections
Alphabet subsidiary Jigsaw announced on Tuesday that it and Google would offer a free suite of security tools aimed at securing political elections. The announcement was fresh off a tense House Intelligence Committee meeting on Monday during which FBI Director James Comey confirmed that the burea...