Towards Understanding and Characterizing Vulnerabilities in Intelligent Connected Vehicles through Real-World Exploits

Intelligent Connected Vehicles ICVs are a core component of modern transportation systems, and their security is crucial as it directly relates to user safety. Despite prior research, most existing studies focus only on specific sub-components of ICVs due to their inherent complexity. As a result...

WATCHDOG: an Ontology-AWare Risk AssessmenT ApproaCH Via Object-Oriented DisruptiOn Graphs

When considering risky events or actions, we must not downplay the role of involved objects: a charged battery in our phone averts the risk of being stranded in the desert after a flat tyre, and a functional firewall mitigates the risk of a hacker intruding the network. The Common Ontology of Val...

Top 10 web application vulnerabilities in 2021–2023

To help companies with navigating the world of web application vulnerabilities and securing their own web applications, the Open Web Application Security Project OWASP online community created the OWASP Top Ten. As we followed their rankings, we noticed that the way we ranked major vulnerabilitie...

An In-Depth Look at ICS Vulnerabilities Part 2

In part two of our three-part series, we continue to analyze vulnerabilities using MITRE ATT&CK. We also look into the sectors affected and their risk levels...

Sitadel

This repository is an update for WAScan, making it compatible with Python versions 3.4 and above. It allows for more flexibility in writing new modules and implementing new features, such as frontend framework detection, content delivery network detection, defining risk levels for scans, and a...

[KSA-003] Cross Site Scripting Vulnerability in Phpgroupware

================================================= Kereval Security Advisory KSA-003 Cross Site Scripting Vulnerability in Phpgroupware ================================================= PROGRAM: Phpgroupware HOMEPAGE: http://www.phpgroupware.org/ VULNERABLE VERSIONS: 0.9.14.003 RISK: Low/Medium...