AirCatch: Effectively Tracing Advanced Tag-Based Trackers

Tag-based tracking ecosystems help users locate lost items, but can be leveraged for unwanted tracking and stalking. Existing protocol-driven defenses and prior academic solutions largely assume stable identifiers or predictable beaconing. However, identifier-based defenses fundamentally break do...

SIMulator: SIM Tracing on a (Pico-)Budget

SIM tracing -- the ability to inspect, modify, and relay communication between a SIM card and modem -- has become a significant technique in cellular network research. It enables essential security- and development-related applications such as fuzzing communication interfaces, extracting session...

JavelinGuard: Low-Cost Transformer Architectures for LLM Security

We present JavelinGuard, a suite of low-cost, high-performance model architectures designed for detecting malicious intent in Large Language Model LLM interactions, optimized specifically for production deployment. Recent advances in transformer architectures, including compact BERTDevlin et al...

A Virtual Cybersecurity Department for Securing Digital Twins in Water Distribution Systems

Digital twins DTs help improve real-time monitoring and decision-making in water distribution systems. However, their connectivity makes them easy targets for cyberattacks such as scanning, denial-of-service DoS, and unauthorized access. Small and medium-sized enterprises SMEs that manage these...

CVE-2024-28052

The CVE-2024-28052 entry concerns LevelOne WBR-6012, a wireless SOHO router. Talos reports a buffer overflow in the Web Application when handling HTTP POST requests with a URI length of 1454+ characters that do not start with /upn or /upg, causing a crash/reboot and potential access to a backdoor...

Attacker can DOS OptimisticListing with very low cost

Lines of code Vulnerability details The issue that is described in code-423n4/2022-12-tessera-findings25 was not mitigated and still applies like it is described there. --- The text was updated successfully, but these errors were encountered: All reactions...

Attacker can gain more voting power

Lines of code Vulnerability details Impact An attacker can gain more voting power at a low cost Proof of Concept When voting, voting power is taken from the snapshot at the same block as the proposal was created. The attacker can monitor mempool and borrow NFTs just in time when proposal is made...

Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers

A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant "incriminating digital evidence." Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks...

‘Optical Adversarial Attack’ uses low-cost projector to trick AI

By Sudais Asif In the latest, we have another piece of research that deals with strikingly similar details but incorporating the trickery of Artificial Intelligence AI. This is a post from HackRead.com Read the original post: Optical Adversarial Attack uses low-cost projector to trick AI...

LIVE555 Streaming Media has an unspecified vulnerability

LIVE555 Streaming Media is an application from LIVE555 USA, Inc. a standards-based RTP/RTCP/RTSP/SIP multimedia streaming source code library for embedded and/or low-cost streaming applications.A security vulnerability exists in versions prior to LIVE555 Streaming Media 2021.3.16, which stems fro...

GALLIUM: Targeting global telecom

Microsoft Threat Intelligence Center MSTIC is raising awareness of the ongoing activity by a group we call GALLIUM, targeting telecommunication providers. When Microsoft customers have been targeted by this activity, we notified them directly with the relevant information they need to protect...

Free Tools Boost 2020 Election Security, but Not Enough

More companies than ever are offering low-cost security services for election bureaus and campaigns. It’s still not clear how much they’ll actually help...

BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure

Summary The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks, thanks to which it transmits a real-time image over the network with minimal delays. The camera supports the switching of the broadcast modes, and in the event of a...

Two NSA Algorithms Rejected by the ISO

The ISO has rejected two symmetric encryption algorithms: SIMON and SPECK. These algorithms were both designed by the NSA and made public in 2013. They are optimized for small and low-cost processors like IoT devices. The risk of using NSA-designed ciphers, of course, is that they include...

Serverless, Low Cost, Threat Intel Aggregation: ElasticIntel

ElasticIntel is serverless, low cost, threat intel aggregation for enterprise or personal use, backed by ElasticSearch. It is an alternative to expensive threat intel aggregation platforms which ingest the same data feeds you could get for free. ElasticIntel is designed to provide a central,...

Cheap International Calls & Low Cost Roaming - Customized SSL, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Cheap International Calls & Low Cost Roaming published at the 'play' market has multiple vulnerabilities...

lowcostdomains.ca XSS vulnerability

Open Bug Bounty ID: OBB-483744 Description| Value ---|--- Affected Website:| lowcostdomains.ca Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated Disclosure...

BinaryAlert - Serverless, Real-time & Retroactive Malware Detection

BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spread...

Part 2: Reading SPAM For Research

A couple weeks ago, I posted a blog that is a follow up of an article I published in Information Security Magazine. In that post I wrote about collecting phishing samples and identifying domain squatters that might be looking to harvest information from their target. This is the final blog entry...

Backdoor Found in Firmware of Some Android Devices

Nearly three million Android devices are vulnerable to an attack that could allow a hacker to compromise over-the-air OTA updates to the devices and allow adversaries to remotely execute commands with root privileges. The problem stems from what researchers call an insecure implementation of an O...