Vulnerability



In the United States, they requested 8 years in prison for withdrawing $110 million from the DeFi protocol.

26 Apr 2025 1 minute read 0 comments Evtuoil

The New York City Attorney's Office has requested 6.5 to 8 years (78 to 97 months) in prison for Abraham Eisenberg. In 2022, he withdrew $110 million from the Mango Markets DeFi platform, not by hacking its code but by exploiting a vulnerability...

Are They Vulnerabilities or Undocumented Debug Features

11 Mar 2025 1 minute read 2 comments Matthew Rosenquist

The recent undocumented code in the ESP32 microchip, made by Chinese manufacturer Espressif Systems, is used in over 1 billion devices and could represent a cybersecurity risk. Its reveal by security researchers has kicked off an interesting discuss...

Perfect Vulnerability for Cisco Ultra Reliable Systems

8 Nov 2024 1 minute read 0 comments Matthew Rosenquist

A “Perfect” 10 vulnerability score is not what users of Cisco Ultra-Reliable Wireless Backhaul (URWB) systems were expecting. The recently discovered cybersecurity vulnerability CVE-2024-20418 is remote, easy, and gives full Admin rights to the devi...

Last Minute Save for the CVE Program

17 Apr 2025 1 minute read 0 comments Matthew Rosenquist

I am very glad that the Common Vulnerabilities and Exposures (CVE) program was re-funded by the US Government, specifically CISA (Cybersecurity and Infrastructure Security Agency), but this last-minute catch has raised serious concerns with the rece...

Delink Aadhaar From Your Indian Bank Accounts

28 Nov 2024 2 minute read 0 comments Debesh Choudhury

Aadhaar is a broken digital identity project of India! Adopting biometrics as an authentication factor made Aadhaar a pain for Indian citizens! They lose money almost every day from their bank accounts! Poor citizens lose money from their bank ac...

Intel in Denial of the Latest SGX Secure Enclave Vulnerability

19 Nov 2020 1 minute read 8 comments Matthew Rosenquist

Another vulnerability and exploit named VoltPillager has been published for Intel Corporation's SGX security technology.  The attack itself is simply a hardware version of a previously discovered PlunderVolt software vulnerability where voltage to t...

More Challenges for Intel Hardware Product Security

29 Jan 2020 1 minute read 4 comments Matthew Rosenquist

New CPU Vulnerabilities Discovered. RIDL/ZombieLoad and L1DES/CacheOut are just the latest variants of vulnerabilities discovered in Intel CPUs that target Micro-architectural Data Sampling (MDS) weaknesses. Discovered over 7 months ago, researchers...

Good and Bad of Google’s Project Zero Vulnerability Disclosure Changes

19 Apr 2021 1 minute read 3 comments Matthew Rosenquist

Google’s infamous Project Zero vulnerability research team recently announced it is changing its disclosure policy to be more friendly to product vendors. But is that good for cybersecurity? In this week’s video, I discuss the pros and cons of th...

Intel’s Secret Key to Decrypt Microcode Patches is Exposed

2 Nov 2020 2 minute read 2 comments Matthew Rosenquist

A group of security vulnerability researchers, after many months of work, were able to figure out the update process and secret key used to decrypt Intel microcode updates for the Goldmont architecture product lines. This is an important finding as...

Happy that Crypto is Embracing Bug Bounties to Improve Security

14 Oct 2019 1 minute read 0 comments Matthew Rosenquist

I am really glad the crypto community has taken advantage of professional Bug Bounty programs, as they make a meaningful difference in finding vulnerabilities in software.  It took the regular software industry decades to see the value. There is an...