Vulnerability

Zero-Day Threats: Water Hydra's Tactics and Trend Micro's Defense

19 Feb 2024 2 minute read 2 comments AX17

As I'm exploring the topics of software development and the latest technical news regularly, I decided to look deeper at the previous week’s news regarding a vulnerability exploit. More specifically, it is about CVE-2024-21412 - a zero-day vulnerability...

Good and Bad of Google’s Project Zero Vulnerability Disclosure Changes

19 Apr 2021 1 minute read 3 comments Matthew Rosenquist

Google’s infamous Project Zero vulnerability research team recently announced it is changing its disclosure policy to be more friendly to product vendors. But is that good for cybersecurity? In this week’s video, I discuss the pros and cons of th...

Intel in Denial of the Latest SGX Secure Enclave Vulnerability

19 Nov 2020 1 minute read 8 comments Matthew Rosenquist

Another vulnerability and exploit named VoltPillager has been published for Intel Corporation's SGX security technology.  The attack itself is simply a hardware version of a previously discovered PlunderVolt software vulnerability where voltage to t...

Deloitte's 'Test your Hacker IQ' Proves Vulnerable to being Hacked

10 Nov 2020 1 minute read 2 comments Matthew Rosenquist

A website tied to an event that quizzed people on their hacking knowledge, launched by a major security consultancy firm, is itself vulnerable to being hacked. This incident showcases a number of important lessons for every organization that wants...

Warning - Bitcoin SV vulnerability making your wallet prone to hacking

10 Nov 2020 1 minute read 3 comments Heruvim78

Bitcoin SV (BSV) is a fork from Bitcoin Cash (BCH), aiming to create a version of Bitcoin much faster, oriented towards online payments. But, in order to achieve the much-needed speed, they eliminated some of the key features of the Bitcoin. In doin...

IOST – Forbidden Identifier Bypass With Unicode Encoding

7 Nov 2020 3 minute read 2 comments art_of_bug

Welcome back. Once more today we come back to IOST. After some cooperation with the team, we were told the funds were exhausted for our cause and hence they can't incentivize our efforts anymore. Since the incentive is gone, today's report is somewha...

Intel’s Secret Key to Decrypt Microcode Patches is Exposed

2 Nov 2020 2 minute read 2 comments Matthew Rosenquist

A group of security vulnerability researchers, after many months of work, were able to figure out the update process and secret key used to decrypt Intel microcode updates for the Goldmont architecture product lines. This is an important finding as...

The NSA knows something you don't

23 Oct 2020 1 minute read 8 comments Matthew Rosenquist

The U.S. National Security Agency knows which vulnerabilities China-backed hackers are exploiting the most to gain access to sensitive data. The Chinese state-sponsored information gathering engine is a vacuum when it comes to acquiring information...

Apple T2 Chip Vulnerability Challenges the Industry

18 Oct 2020 1 minute read 0 comments Matthew Rosenquist

Recent verified reports highlight exploitable vulnerabilities in Apple’s security chip that cannot be patched!  The announcement adds to the growing concerns and shifting perceptions about hardware security. Hardware-based security has pros and cons...

Nebulas – String Repeat Crash

11 Oct 2020 4 minute read 5 comments art_of_bug

Welcome to our next episode. Today we close Nebulas. The project failed to fix the vulnerabilities we reported previously, there was no official response to our attempts to contact its team. In at least one case a moderator of its subreddit deleted o...