Latest Posts with Vulnerability tag

Vulnerability


Good and Bad of Google’s Project Zero Vulnerability Disclosure Changes

19 Apr 2021 1 minute read 3 comments Matthew Rosenquist

Google’s infamous Project Zero vulnerability research team recently announced it is changing its disclosure policy to be more friendly to product vendors. But is that good for cybersecurity? In this week’s video, I discuss the pros and cons of th...

Intel in Denial of the Latest SGX Secure Enclave Vulnerability

19 Nov 2020 1 minute read 8 comments Matthew Rosenquist

Another vulnerability and exploit named VoltPillager has been published for Intel Corporation's SGX security technology.  The attack itself is simply a hardware version of a previously discovered PlunderVolt software vulnerability where voltage to t...

Deloitte's 'Test your Hacker IQ' Proves Vulnerable to being Hacked

10 Nov 2020 1 minute read 2 comments Matthew Rosenquist

A website tied to an event that quizzed people on their hacking knowledge, launched by a major security consultancy firm, is itself vulnerable to being hacked. This incident showcases a number of important lessons for every organization that wants...

Warning - Bitcoin SV vulnerability making your wallet prone to hacking

10 Nov 2020 1 minute read 3 comments Heruvim78

Bitcoin SV (BSV) is a fork from Bitcoin Cash (BCH), aiming to create a version of Bitcoin much faster, oriented towards online payments. But, in order to achieve the much needed speed, they eliminated some of the key features of the Bitcoin. In doin...

IOST – Forbidden Identifier Bypass With Unicode Encoding

7 Nov 2020 3 minute read 2 comments art_of_bug

Welcome back. Once more today we come back to IOST. After some cooperation with the team, we were told the funds were exhausted for our cause and hence they can't incentivize our efforts anymore. Since the incentive is gone, today's report is somewha...

Intel’s Secret Key to Decrypt Microcode Patches is Exposed

2 Nov 2020 2 minute read 2 comments Matthew Rosenquist

A group of security vulnerability researchers, after many months of work, were able to figure out the update process and secret key used to decrypt Intel microcode updates for the Goldmont architecture product lines. This is an important finding as...

The NSA knows something you don't

23 Oct 2020 1 minute read 8 comments Matthew Rosenquist

The U.S. National Security Agency knows which vulnerabilities China-backed hackers are exploiting the most to gain access to sensitive data. The Chinese state-sponsored information gathering engine is a vacuum when it comes to acquiring information...

Apple T2 Chip Vulnerability Challenges the Industry

18 Oct 2020 1 minute read 0 comments Matthew Rosenquist

Recent verified reports highlight exploitable vulnerabilities in Apple’s security chip that cannot be patched!  The announcement adds to the growing concerns and shifting perceptions about hardware security. Hardware-based security has pros and cons...

Nebulas – String Repeat Crash

11 Oct 2020 4 minute read 5 comments art_of_bug

Welcome to our next episode. Today we close Nebulas. The project failed to fix the vulnerabilities we reported previously, there was no official response to our attempts to contact its team. In at least one case a moderator of its subreddit deleted o...

Painful IoT Security Lessons Highlighted by a Digital Padlock

16 Sep 2020 2 minute read 3 comments Matthew Rosenquist

The first warning sign was “hackproof” in the 360Lock marketing materials. As it turns out, with no surprise to any security professional, the NFC and Bluetooth enabled padlock proved to be anything but secure. Straightforward penetration testing rev...