Facebook Helped Develop a Tails Exploit

This is a weird story: Hernandez was able to evade capture for so long because he used Tails, a version of Linux designed for users at high risk of surveillance and which ...

Another Intel Speculative Execution Vulnerability

Remember Spectre and Meltdown? Back in early 2018, I wrote: Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data. Now that they -- and the research ...
asm

Revisiting 2000 cuts using Binary Ninja’s new decompiler

| | Binary Ninja, Exploits
It’s been four years since my blog post “2000 cuts with Binary Ninja.” Back then, Binary Ninja was in a private beta and the blog post response surprised its developers at Vector35 ...
Figure 1: Sam Sun (samczsun) discovered a critical vulnerability in ENS

Manticore discovers the ENS bug

The Ethereum Name Service (ENS) contract recently suffered from a critical bug that prompted a security advisory and a migration to a new contract (CVE-2020-5232). ENS allows users to associate online resources ...
security

Imperva Report: Third of Vulnerabilities Lack Fix

An analysis of the vulnerabilities that were disclosed in 2019 conducted by Imperva, a provider of firewall management software, finds there was a 17.6% increase compared to 2018, with 22% of those ...
Security Boulevard
Exploiting the Windows CryptoAPI Vulnerability

Exploiting the Windows CryptoAPI Vulnerability

| | cryptography, Exploits
On Tuesday, the NSA announced they had found a critical vulnerability in the certificate validation functionality on Windows 10 and Windows Server 2016/2019. This bug allows attackers to break the validation of ...

Critical Windows Vulnerability Discovered by NSA

Yesterday's Microsoft Windows patches included a fix for a critical vulnerability in the system's crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates ...
Privacy on iPhone — Simple as that — Apple

Introducing iVerify, the security toolkit for iPhone users

“If privacy matters, it should matter to the phone your life is on.” So says Apple in their recent ads about Privacy on the iPhone and controlling the data you share—but many ...
Apple Zero-Day Exploited in New BitPaymer Campaign

Apple Zero-Day Exploited in New BitPaymer Campaign

In August of 2019, just a month after our publication on a targeted BitPaymer/IEncrypt campaign, Morphisec identified a new and alarming evasion technique that the same adversaries adopted while targeting yet another ...

New Unpatchable iPhone Exploit Allows Jailbreaking

| | Exploits, ios, iPhone, Malware
A new iOS exploit allows jailbreaking of pretty much all version of the iPhone. This is a huge deal for Apple, but at least it doesn't allow someone to remotely hack people's ...