30 matches found
Google Pays $10M in Bug Bounties in 2023
BleepingComputer has the details. It's $2M less than in 2022, but it's still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program's launch in 2010 has reached $59 million. For Android, the world's most popular and widely used mobile...
Zhuhai Suny Technology ESL Tag Forgery / Replay Attacks Vulnerability
Zhuhai Suny Technology ESL Tag suffers from replay attacks and a forgery attack allowing for the displaying of arbitrary contents. ======================================================================= title: Replay attacks & Displaying arbitrary contents product: Zhuhai Suny Technology ESL Tag ...
Researcher Spotlight: How working for Talos started out as an ‘accident’ for Ashlee Benge before coming a second career
Talos lead of data strategy and insights has a lot of weight on her shoulders currently, but it's nothing she's not used to. Most people who first meet Ashlee Benge do a double take when they hear about her past experience. The average security practitioner at a networking event may share that they...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking on “Securing a World of Physically Capable Computers” at OWASP Belgium’s chapter meeting in Antwerp, Belgium, on May 17, 2022. I’m speaking at Future Summits in Antwerp, Belgium, on May 18, 2022. I’m speaking at IT-S N...
Coronavirus impacts security conferences and events: check your schedule
With coronavirus starting to take hold globally, international travel restrictions are kicking in and more workplaces are advising to work from home whenever possible. When self-isolation is a potential solution, public gatherings are increasingly looking like a terrible idea. Events are becoming...
HexRaysCodeXplorer - Hex-Rays Decompiler Plugin For Better Code Navigation
The Hex-Rays Decompiler plugin for better code navigation in RE process. CodeXplorer automates code REconstruction of C++ applications or modern malware like Stuxnet, Flame, Equation, Animal Farm ... The CodeXplorer plugin is one of the first publicly available Hex-Rays Decompiler plugins. We kee...
Inside MSRC: Sharing Our Story & Customer Tips
For the last 20 years, the Microsoft Security Response Center has been an integral part of Microsoft’s commitment to customer security. We are often called on to talk about the work we do and how customers can apply the lessons we have learned over that period to better their security posture...
Why ArtsSEC decided to partner with Wallarm
by Maximiliano Soler, @maxisoler by Maximiliano Soller, CTO of ArtsSEC The greatest thing with partnerships is how well the organisations’ expertise complement each other. Our partnership with Wallarm has incredibly exceeded our expectations in their innovation and expertise in web application...
August 1, 2017 – Morning Cyber Coffee Headlines – “August” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! August 1, 2017 - Headlines Carbon Black in the News: Carbon Black Appoints Form...
July 24, 2017 – Morning Cyber Coffee Headlines – “Shark Week” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! July 24, 2017 - Headlines Carbon Black in the News: Soon, your most important...
Five Ways That Good Guys Share More Than Bad Guys
It takes a lot for me to write a cybersecurity blog post these days. I spend most of my writing time working on my PhD. Articles like Nothing Brings Banks Together Like A Good Hack drive me up the wall, however, and a Tweet rant is insufficient. What fired me up, you might ask? Please read the...
A year of Windows kernel font fuzzing #1: the results
Posted by Mateusz Jurczyk of Google Project Zero This post series is about how we used at-scale fuzzing to discover and report a total of 16 vulnerabilities in the handling of TrueType and OpenType fonts in the Windows kernel during the last year. In part 1 here, we present a general overview of...
RSA Conference Chris Hoff Reuben Paul Keynote
SAN FRANCISCO – When it comes to the future development of secure software, there’s really only one “next generation” that matters. That’s why today when the covers were pulled back on a seven-foot-tall server rack wheeled out on stage during Chris Hoff’s RSA Conference keynote, those in the...
Full Disclosure Security Mailing List Shuts Down
The Full Disclosure security mailing list, which has been one of the main discussion forums for vulnerability and exploit information for 12 years, is shutting down because “‘one of our own’ would undermine the efforts of the last 12 years”, one of the creators said. John Cartwright, one of the...
MIRcon Preview: Why C-Level Executives Should Attend
Security conferences come and go and most are well attended by information security practitioners for professional development and networking. But what about the executives who are responsible for strategy and who hold the budgets - what conferences should they attend? With MIRcon 2013, Nov. 5-6,...
NSA Bought Exploit Service From VUPEN, Contract Shows
The U.S. government–particularly the National Security Agency–is often regarded as having advanced offensive cybersecurity capabilities. But that doesn’t mean that they’re above bringing in a little outside help when it’s needed. A newly public contract shows that the NSA last year bought a...
Dennis Fisher and Mike Mimoso Recap Black Hat and DEF CON 2013
Dennis Fisher and Mike Mimoso discuss the news from Black Hat and DEF CON, particularly the fact that the Web seems to be broken and that a lot of the attacks revealed in Las Vegas don’t have easy solutions. Download: digitalunderground122 Subscribe to the Digital Underground podcast on...
Ryan Naraine on the Security Analyst Summit 2013
Dennis Fisher talks with Ryan Naraine, the founding editor of Threatpost, about the Security Analyst Summit in San Juan, the reason why so many talks at security conferences sound the same and why surprise talks are so valuable. Download: digitalunderground111 Podcast audio courtesy of sykboy65...
HITB2011KUL - Mobile Malware Analysis
Document Title: =============== HITB2011KUL - Mobile Malware Analysis References: =========== Download: http://www.vulnerability-lab.com/resources/videos/424.wmv View: http://www.youtube.com/watch?v=nVAuZ7jf7Sk Release Date: ============= 2012-02-05 Vulnerability Laboratory ID VL-ID:...
Time to Focus on Results-Oriented Security
The security industry is full of pernicious problems with no easy solutions. Take spam, for example. The current best defense is filtering out the obvious spam messages. Yet, the countermeasure is not a solution: As anti-spam technology gets better, spammers merely churn out more spam and achieve...