Vulnerability



IOST – Forbidden Identifier Bypass With Unicode Encoding

7 Nov 2020 3 minute read 2 comments art_of_bug

Welcome back. Once more today we come back to IOST. After some cooperation with the team, we were told the funds were exhausted for our cause and hence they can't incentivize our efforts anymore. Since the incentive is gone, today's report is somewha...

Intel’s Secret Key to Decrypt Microcode Patches is Exposed

2 Nov 2020 2 minute read 2 comments Matthew Rosenquist

A group of security vulnerability researchers, after many months of work, were able to figure out the update process and secret key used to decrypt Intel microcode updates for the Goldmont architecture product lines. This is an important finding as...

The NSA knows something you don't

23 Oct 2020 1 minute read 8 comments Matthew Rosenquist

The U.S. National Security Agency knows which vulnerabilities China-backed hackers are exploiting the most to gain access to sensitive data. The Chinese state-sponsored information gathering engine is a vacuum when it comes to acquiring information...

Apple T2 Chip Vulnerability Challenges the Industry

18 Oct 2020 1 minute read 0 comments Matthew Rosenquist

Recent verified reports highlight exploitable vulnerabilities in Apple’s security chip that cannot be patched! The announcement adds to the growing concerns and shifting perceptions about hardware security. Hardware-based security has pros and cons...

Nebulas – String Repeat Crash

11 Oct 2020 4 minute read 5 comments art_of_bug

Welcome to our next episode. Today we close Nebulas. The project failed to fix the vulnerabilities we reported previously, and there was no official response to our attempts to contact its team. In at least one case a moderator of its subreddit deleted o...

Painful IoT Security Lessons Highlighted by a Digital Padlock

16 Sep 2020 2 minute read 3 comments Matthew Rosenquist

The first warning sign was “hackproof” in the 360Lock marketing materials. As it turns out, with no surprise to any security professional, the NFC and Bluetooth enabled padlock proved to be anything but secure. Straightforward penetration testing rev...

Intel patches 9 vulnerabilities in their management platform

13 Sep 2020 1 minute read 0 comments Matthew Rosenquist

Intel has released patches for several security vulnerabilities in their Active Management Technology (AMT) and Intel Standard Manageability (ISM) platforms. One of them was a critical flaw in AMT that allowed remote privilege escalation CVE-2020-...

IOST – ArrayBufferAllocator Reusing Problem

12 Sep 2020 6 minute read 3 comments art_of_bug

Welcome back. Today we come back again to IOST. And again, today's report is on an already fixed vulnerability allowing the attacker to critically damage the whole network just by sending calls to a specially crafted contract. The proof of knowledge is...

Nebulas – Exhausting Disk Space Using Contract Logging

11 Aug 2020 4 minute read 4 comments art_of_bug

Welcome to our next episode. Today we continue with Nebulas which goes, slowly but steadily, towards being the worst project we have ever analyzed. Why is that? It's because we still haven't received any reply to any of our attempts of contacting the...

IOST – Timed Out Transaction Validation Problem

19 Jul 2020 7 minute read 2 comments art_of_bug

Welcome back. Today we come back to IOST. As we mentioned before, the IOST team contacted us and we've been working together since. Today's report is on an already fixed vulnerability allowing the attacker to critically damage the whole network with just sen...