Vulnerability Disclosure

Killing Filecoin nodes

Killing Filecoin nodes

| | blockchain, Vulnerability Disclosure
By Simone Monica In January, we identified and reported a vulnerability in the Lotus and Venus clients of the Filecoin network that allowed an attacker to remotely crash a node and trigger ...
Trail of Bits Blog
Cybersecurity Insights with Contrast CISO David Lindner | 9/6/24

Cybersecurity Insights with Contrast CISO David Lindner | 9/6/24

| | 2fa, cyberespionage, MFA, Thought Leaders, Vulnerability Disclosure
Insight #1:  SQL injection baffles airport security  You mean to say that SQL Injection is still a problem? How many more of these have to happen before we realize there are control layers ...
AppSec Observer
Cybersecurity Insights with Contrast CISO David Lindner | 8/30/24

Cybersecurity Insights with Contrast CISO David Lindner | 8/30/24

| | 2fa, cyberespionage, MFA, Thought Leaders, Vulnerability Disclosure
Insight #1: North Korean IT spies The threat of state-sponsored cyber espionage is real and evolving. Recent reports reveal North Korean IT professionals are using stolen identities and advanced tactics to infiltrate ...
AppSec Observer
Out of the kernel, into the tokens

Out of the kernel, into the tokens

| | Application Security, Linux, Vulnerability Disclosure
By Max Ammann and Emilio López Our application security team leaves no stone unturned; our audits dive deeply into areas ranging from device firmware, operating system kernels, and cloud systems to widely ...
Trail of Bits Blog

Breaking the shared key in threshold signature schemes

| | cryptography, Vulnerability Disclosure
By Fredrik Dahlgren Today we are disclosing a denial-of-service vulnerability that affects the Pedersen distributed key generation (DKG) phase of a number of threshold signature scheme implementations based on the Frost, DMZ21, ...
Trail of Bits Blog
LeftoverLocals Vulnerability: Listening to LLM responses through leaked GPU local memory

LeftoverLocals: Listening to LLM responses through leaked GPU local memory

| | machine learning, Vulnerability Disclosure
By Tyler Sorensen and Heidy Khlaaf We are disclosing LeftoverLocals: a vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs ...
Trail of Bits Blog
Billion times emptiness

Billion times emptiness

| | blockchain, Vulnerability Disclosure
By Max Ammann Behind Ethereum’s powerful blockchain technology lies a lesser-known challenge that blockchain developers face: the intricacies of writing robust Ethereum ABI (Application Binary Interface) parsers. Ethereum’s ABI is critical to ...
Trail of Bits Blog
Struts2 CVE-2023-50164 by the numbers

Struts2 CVE-2023-50164 by the numbers

| | Apache Struts2, DevZone, Security Vulnerabilities, Struts2 vulnerability, Vulnerability Disclosure
Over the past few years, a not-so-great holiday season tradition has been critical security vulnerabilities that come out at the last minute, prompting action and fast responses at a time when resources ...
Sonatype Blog

Supermicro IPMI Firmware Vulnerabilities Disclosed

| | BMC (Baseboard Management Controller), Cross-Site Scripting (XSS), Cybersecurity, Cybersecurity News, Firmware Vulnerabilities, IPMI, Mitigation Measures, patching, Privilege Escalation, Remote Exploits, Security Flaws, Server Management, Supermicro, Vulnerability Disclosure
A number of security flaws have recently been discovered in Supermicro’s baseboard management controllers (BMCs). These Supermicro IPMI firmware vulnerabilities in the Intelligent Platform Management Interface (IPMI) pose serious dangers, including privilege ...
TuxCare
Google Pixel Can be Unlocked via SIM Swap (Other Android Phones, Too)

Google Pixel Can be Unlocked via SIM Swap (Other Android Phones, Too)

| | android, AOSP, Bug Bounties, bug bounty, bug bounty program, CVE-2022-20465, David Schütz, Google Pixel, lockscreen, puk, responsible disclosure, SB Blogwatch, Sounds like an excellent exploit designed by Google to assist law enforcement, Vulnerability Disclosure
A Hungarian researcher found a nasty Android security bug: Malicious people can unlock your phone ...
Security Boulevard
Load more