Lucene search
+L

1004 matches found

Filippo.io
Filippo.io
added 2023/10/05 9:21 p.m.38 views

Announcing the $12k NIST Elliptic Curves Seeds Bounty

The NIST elliptic curves that power much of modern cryptography were generated in the late '90s by hashing seeds provided by the NSA. How were the seeds generated? Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed away in ear...

7.4AI score
Exploits0
CISA
CISA
added 2023/10/05 12:0 p.m.6 views

NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations

Today, the National Security Agency NSA and Cybersecurity and Infrastructure Security Agency CISA released a joint cybersecurity advisory CSA, NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations, which provides the most common cybersecurity misconfigurations in large...

7AI score
Exploits0References4
CISA
CISA
added 2023/10/04 12:0 p.m.8 views

CISA and NSA Release New Guidance on Identity and Access Management

Today, CISA and the National Security Agency NSA published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework ESF, a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to address risks that...

7.4AI score
Exploits0References2
Schneier on Security
Schneier on Security
added 2023/10/02 4:40 p.m.43 views

NSA AI Security Center

The NSA is starting a new artificial intelligence security center: The AI security centers establishment follows an NSA study that identified securing AI models from theft and sabotage as a major national security challenge, especially as generative AI technologies emerge with immense...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/21 11:3 a.m.23 views

New Revelations from the Snowden Documents

Jake Appelbaums PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden. Nothing major, but a few more tidbits. Kind of amazing that that all happened ten years ago. At this point, those documents are more historical than anything...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/14 11:2 a.m.15 views

China Hacked Japan’s Military Networks

The NSA discovered the intrusion in 2020--we dont know how--and alerted the Japanese. The Washington Post has the story: The hackers had deep, persistent access and appeared to be after anything they could get their hands on--plans, capabilities, assessments of military shortcomings, according to...

6.9AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2023/07/27 8:31 p.m.12 views

The NSA Is Lobbying Congress to Save a Phone Surveillance 'Loophole'

The National Security Agency has urged top lawmakers to resist demands that it obtain warrants for sensitive data sold by data brokers...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/18 11:34 a.m.69 views

VirusTotal Data Leak Exposes Some Registered Customers' Details

Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform. The security incident, which comprises a database of 5,600 names in a 313KB file,...

6.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/07/03 8:0 a.m.22 views

Of sharks, surveillance, and spied-on emails: This is Section 702, with Matthew Guariglia

In the United States, when the police want to conduct a search on a suspected criminal, they must first obtain a search warrant. It is one of the foundational rights given to US persons under the Constitution, and a concept that has helped create the very idea of a right to privacy at home and...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/30 5:44 a.m.71 views

MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk?

MITRE has released its annual list of the Top 25 "most dangerous software weaknesses" for the year 2023. "These weaknesses lead to serious vulnerabilities in software," the U.S. Cybersecurity and Infrastructure Security Agency CISA said. "An attacker can often exploit these vulnerabilities to tak...

8.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/06/09 8:0 p.m.21 views

Former TikTok exec: Chinese Communist Party had "God mode" entry to US data

A former executive at TikToks parent company ByteDance has claimed in court documents that the Chinese Communist Party CCP had access to TikTok data, despite the data being stored in the US. The allegations were made in a wrongful dismissal lawsuit which was filed in May in the San Francisco...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/06 11:17 a.m.37 views

Snowden Ten Years Later

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal involvement as well. I wrote the essay below in September 2013. The New Yorker agreed to publish it, but the Guardian asked me not to...

7.1AI score
Exploits0
Trellix
Trellix
added 2023/06/06 12:0 a.m.6 views

Feeding Gophers to Ghidra

Feeding Gophers to Ghidra By Max Kersten · June 6, 2023 The scripts discussed in the article are based on the magnificent work of Dorka Palotay from CUJOai. Golang malware is becoming increasingly prevalent, requiring analysts to know how to effectively analyze these files without diving into a...

7.1AI score
Exploits0
Trellix
Trellix
added 2023/06/06 12:0 a.m.15 views

Feeding Gophers to Ghidra

Feeding Gophers to Ghidra By Trellix · June 6, 2023 This blog was written by Max Kersten The scripts discussed in the article are based on the magnificent work ofDorka Palotay from CUJOai. Golang malware is becoming increasingly prevalent, requiring analysts to know how to effectively analyze the...

7.1AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2023/06/01 8:52 p.m.9 views

Kaspersky Says New Zero-Day Malware Hit iPhones—Including Its Own

On the same day, Russia’s FSB intelligence service launched wild claims of NSA and Apple hacking thousands of Russians...

7AI score
Exploits0
OSV
OSV
added 2023/06/01 12:0 a.m.19 views

PUB-A-263783333

In TBD of TBD, there is a possible downgrade attack against cryptography in a 5G NSA network due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS6.5AI score0.00241EPSS
Exploits0References1
ICS
ICS
added 2023/05/24 12:0 p.m.191 views

People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection

Summary The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory CSA to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China PRC state-sponsored cyber actor, also known as Volt Typhoon...

9.8CVSS9.8AI score0.9896EPSS
Exploits10References83
Wired Threat Level
Wired Threat Level
added 2023/04/27 4:52 p.m.23 views

NSA Cybersecurity Director Says ‘Buckle Up’ for Generative AI

The security issues raised by ChatGPT and similar tech are just beginning to emerge, but Rob Joyce says it’s time to prepare for what comes next...

6.9AI score
Exploits0
ICS
ICS
added 2023/04/18 12:0 p.m.142 views

APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers

APT28 accesses poorly maintained Cisco routers and deploys malware on unpatched devices using CVE-2017-6742. Overview and Context The UK National Cyber Security Centre NCSC, the US National Security Agency NSA, US Cybersecurity and Infrastructure Security Agency CISA and US Federal Bureau of...

9CVSS9.6AI score0.21424EPSS
Exploits1References47
The Hacker News
The Hacker News
added 2023/01/26 2:52 p.m.155 views

Researchers Release PoC Exploit for Windows CryptoAPI Bug Discovered by NSA

Proof-of-concept Poc code has been released for a now-patched high-severity security flaw in the Windows CryptoAPI that the U.S. National Security Agency NSA and the U.K. National Cyber Security Centre NCSC reported to Microsoft last year. Tracked as CVE-2022-34689 CVSS score: 7.5, the spoofing...

7.5CVSS0.3AI score0.37926EPSS
Exploits0
Rows per page
Query Builder