22 matches found
We Are Currently Clean on OPSEC: Why JD Can't Encrypt
We analyse the 2025 Signalgate leak of sensitive US military information by the Trump administration, addressing why confidentiality was violated messages leaked to the press in spite of encryption Signal, to deepen the socio-technical considerations when designing and deploying encryption. First...
SoK: The Pitfalls of Deep Reinforcement Learning for Cybersecurity
Deep Reinforcement Learning DRL has achieved remarkable success in domains requiring sequential decision-making, motivating its application to cybersecurity problems. However, transitioning DRL from laboratory simulations to bespoke cyber environments can introduce numerous issues. This is furthe...
Chasing Shadows: Pitfalls in LLM Security Research
Large language models LLMs are increasingly prevalent in security research. Their unique characteristics, however, introduce challenges that undermine established paradigms of reproducibility, rigor, and evaluation. Prior work has identified common pitfalls in traditional machine learning researc...
CVE-2021-21413
isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to...
The Hidden Costs and Ethical Pitfalls of Content Scraping
Read about the significant hidden costs and ethical pitfalls of content scraping — and learn how to protect your website...
AI, election security headline discussions at Black Hat and DEF CON
As promised, Im back this week to recap some of the top stories coming out of Black Hat and DEF CON. Also as promised, AI was the talk of Vegas during Hacker Summer Camp or at least from what Ive been reading and hearing, I wasnt there in person. Several exhibitions and talks at both conferences...
The top stories coming out of the Black Hat cybersecurity conference
Over the next two weeks, two of the largest cybersecurity conferences in the world will take place in Las Vegas: Black Hat and DEF CON. That means product announcements, buzzwords and stories about "X smart appliance could burn your house down!" or something like that. Over the next two weeks, Il...
Playbook: Your First 100 Days as a vCISO - 5 Steps to Success
In an increasingly digital world, no organization is spared from cyber threats. Yet, not every organization has the luxury of hiring a full-time, in-house CISO. This gap in cybersecurity leadership is where you, as a vCISO, come in. You are the person who will establish, develop, and solidify the...
The Power and Pitfalls of AI for US Intelligence
Artificial intelligence use is booming, but it's not the secret weapon you might imagine...
10 Unknown Security Pitfalls for Python
Python developers trust their applications to have a solid security state due to the use of standard libraries and common frameworks. However, within Python, just like in any other programming language, there are certain features that can be misleading or misused by developers. Often it is only a...
New Study Warns of Security Threats Linked to Recycled Phone Numbers
A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, conduct phishing and spam attacks, and even prevent victims from signing up for online...
CTF-All-In-One
This is a comprehensive guide to CTF Capture The Flag competitions, specifically focusing on the Pwn binary exploitation aspect. The book is written by Yang Chao, a member of L-Team, and is intended for beginners. It covers the basics of binary exploitation, including memory management, buffer...
CVE-2021-21413
isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to...
CVE-2021-21413
isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to...
Design/Logic Flaw
isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to...
CVE-2021-21413 Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate
isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to...
CTF-All-In-One
This is a comprehensive book on CTF Capture The Flag competitions, specifically focusing on the Pwn binary exploitation aspect. The book is written by Yang Chaofei, a member of L-Team, and is intended for beginners. It covers the basics of binary exploitation, including memory management, buffer...
LoRaWAN for IoT: Beware Encryption Misconfigurations and Security Pitfalls
UPDATE The LoRaWAN protocol, which efficiently supports low-power wireless devices over wide area networks, has become standard in the world of the industrial internet of things IoT. One of its benefits is its support for end-to-end encryption. However, researchers are warning that while LoRaWAN...
NSX-T vs. NSX-V – Key Differences and Pitfalls to Avoid
Learn the difference between VMware’s segmentation offerings, NSX-T vs NSX-V, and understand the several potential pitfalls that are important to consider before deployment...
HTTPS client certificate authentication security issues. Part 2/3
In the first story, I described some issues related to client certificates authentication implementations in environments with load balancers. This time I’d like to mention some typical issues in custom certificate validation processes when a developer is doing this itself in application code...