Reverse Engineering and Control-Aware Security Analysis of the ArduPilot UAV Framework

Unmanned Aerial Vehicle UAV technologies are gaining high interest for many domains, which makes UAV security of utmost importance. ArduPilot is among the most widely used open-source autopilot UAV frameworks; yet, many studies demonstrate the vulnerabilities affecting such systems. Vulnerabiliti...

EUVD-2020-5170

Malware in sbrugna...

Testbed and Software Architecture for Enhancing Security in Industrial Private 5G Networks

In the era of Industry 4.0, the growing need for secure and efficient communication systems has driven the development of fifth-generation 5G networks characterized by extremely low latency, massive device connectivity and high data transfer speeds. However, the deployment of 5G networks presents...

This Week in Spring - March 5th, 2024

Hi, Spring fans! Welcome to another exciting roundup of This Week in Spring! I expect many of you are reading this for the first time, especially with Facebook and Instagram being down. People have been exploring all the other lesser-known corners of the web, looking for their daily "doom scroll....

Apache UIMA Deserialization Vulnerability

Apache UIMA is the United States Apache Apache Foundation, a componentized software architecture. Used to analyze large-volume unstructured information associated with end users. Apache UIMA version 3.5.0 before the existence of a deserialization vulnerability , the vulnerability stems from the...

Google Home Vulnerability: Eavesdropping on Conversations

By Deeba Ahmed The issue was caused by the software architecture used in Google Home devices. This is a post from HackRead.com Read the original post: Google Home Vulnerability: Eavesdropping on Conversations...

Apache UIMA path traversal vulnerability

Apache UIMA is a component-based software architecture from the Apache Foundation. A path traversal vulnerability exists in Apache UIMA 3.3.0 and earlier, which stems from relative path traversal and can be exploited to create files outside of a specified destination directory using carefully...

GSD-2022-1006310 ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h

ext4: add EXT4INODEHASXATTRSPACE macro in xattr.h This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.326 by commit...

GSD-2022-1003147 NFC: NULL out the dev->rfkill to prevent UAF

NFC: NULL out the dev-rfkill to prevent UAF This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commit...

Reverse Engineering the Tesla Firmware Update Process

TL;DR How does the Tesla Model S update its firmware? What did we find when reverse engineering the display and instrument cluster? Here’s the result of a couple of weeks work, working on a real vehicle that mostly worked after we had finished. Part 1: analysing the hardware, complete with a 14...

Cloud-focused Firms Earn High Marks for Software Security in BSIMM8 Report

Companies pushing the cloud envelope are most likely to run safer cleaner code. On the flip side, as the healthcare industry embraces an increasingly software-driven business model, it is struggling to keep up with its peers when it comes to software security. Those are some of the takeaways from...

Cyber Probe - Capturing, Analysing and Responding to Cyber Attacks

Cyberprobe is a distributed software architecture for monitoring of networks against attack. It consists of two components: cyberprobe, which collects data packets and forwards them over a network in standard streaming protocols; and cybermon which decodes protocols, and invokes user-defined logi...

Internet Bug Bounty: Ericsson Erlang OTP Core Allocation Subsystem Integer Overflow (All Versions)

Lab Mouse Security Report LMS-2014-06-23-7 Report ID: LMS-2014-06-23-7 Report Code Name: EARLGREY.1 Researcher Name: Don A. Bailey Researcher Organization: Lab Mouse Security Researcher Email: [email protected] Researcher Website: www.securitymouse.com Vulnerability Status: Patched...

WinRM Script Exec Remote Code Execution

This module uses valid credentials to login to the WinRM service and execute a payload. It has two available methods for payload delivery: Powershell 2 and above and VBS CmdStager. The module will check if Powershell is available, and if so uses that method. Otherwise it falls back to the VBS...

Eugene Kaspersky Unveils Plans for New Secure SCADA OS

Attacks against SCADA and industrial-control systems have become a major concern for private companies as well as government agencies, with executives and officials worried about the potential effects of a major compromise. Security experts in some circles have been warning about the possible...

Kerala cyber police closing in on software theft culprits !

Thiruvananthapuram, Jan 5 IANS The cyber wing of the Kerala Police Wednesday claimed it had got vital clues about the theft of software source codes and intellectual property data from a Kochi-based IT company. The investigation is progressing on the right track, V.K. Ajith Mohan of the police...