Exploits

This is a scarily impressive vulnerability: Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access ...

After writing Go for years, many of us have learned the error-checking pattern down to our bones: “Does this function return an error? Ope, better make sure it’s nil before moving on.” ...

A WebLogic server vulnerability fixed by the October CPU has come under active exploitation after a Vietnamese language blog post detailed the steps needed to bypass authentication and achieve remote code execution ...

Some years ago, during the renaissance of security information and event management (SIEM), security became log crazy. The hope was that by gathering logs from networking and security devices and running them ...

In our October monthly episode we finish our three part series on targeted attacks. In this episode we discuss the exploit and malware analysis with special guest Tyler Hudak, Incident Response Practice ...

The initial release of yVault contained logic for computing the price of yUSDC that could be manipulated by an attacker to drain most (if not all) of the pool’s assets. Fortunately, Andre, ...

This is a weird story: Hernandez was able to evade capture for so long because he used Tails, a version of Linux designed for users at high risk of surveillance and which ...

Remember Spectre and Meltdown? Back in early 2018, I wrote: Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data. Now that they -- and the research ...

It’s been four years since my blog post “2000 cuts with Binary Ninja.” Back then, Binary Ninja was in a private beta and the blog post response surprised its developers at Vector35 ...

The Ethereum Name Service (ENS) contract recently suffered from a critical bug that prompted a security advisory and a migration to a new contract (CVE-2020-5232). ENS allows users to associate online resources ...