Breaking the shared key in threshold signature schemes

By Fredrik Dahlgren Today we are disclosing a denial-of-service vulnerability that affects the Pedersen distributed key generation (DKG) phase of a number of threshold signature scheme implementations based on the Frost, DMZ21, ...
LeftoverLocals Vulnerability: Listening to LLM responses through leaked GPU local memory

LeftoverLocals: Listening to LLM responses through leaked GPU local memory

By Tyler Sorensen and Heidy Khlaaf We are disclosing LeftoverLocals: a vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs ...
Billion times emptiness

Billion times emptiness

By Max Ammann Behind Ethereum’s powerful blockchain technology lies a lesser-known challenge that blockchain developers face: the intricacies of writing robust Ethereum ABI (Application Binary Interface) parsers. Ethereum’s ABI is critical to ...
Struts2 CVE-2023-50164 by the numbers

Struts2 CVE-2023-50164 by the numbers

Over the past few years, a not-so-great holiday season tradition has been critical security vulnerabilities that come out at the last minute, prompting action and fast responses at a time when resources ...

Supermicro IPMI Firmware Vulnerabilities Disclosed

A number of security flaws have recently been discovered in Supermicro’s baseboard management controllers (BMCs). These Supermicro IPMI firmware vulnerabilities in the Intelligent Platform Management Interface (IPMI) pose serious dangers, including privilege ...

A New OpenSSL Vulnerability Is Coming – Get Ready to Patch

On Tuesday 1st of November, between 1-5pm UTC a new version of the widely adopted OpenSSL 3.x series will be released for general consumption. The OpenSSL project announced this in their mailing ...
Assura Announces Discovery of Two Vulnerabilities in Quicklert for Digium Switchvox

Assura Announces Discovery of Two Vulnerabilities in Quicklert for Digium Switchvox

TL;DR Today Assura is announcing the discovery of two new vulnerabilities in Quicklert for Digium Switchvox. Late in 2021, Assura’s Offensive Security Operations team conducted a penetration test that uncovered two critical severity ...
Assura Announces Discovery of Two Vulnerabilities in Quicklert for Digium Switchvox

Assura Announces Discovery of Two Vulnerabilities in Quicklert for Digium Switchvox

TL;DR Today Assura is announcing the discovery of two new vulnerabilities in Quicklert for Digium Switchvox. Late in 2021, Assura’s Offensive Security Operations team conducted a penetration test that uncovered... The post ...
Microsoft Storm-1152 fake accounts CaaS

Vulnerability Disclosures Rise to Meet Federal Requirements

For all its other security milestones, 2021 was the year that vulnerability disclosures began to get their due, taking on greater importance across all sectors, but particularly in government where valid submissions ...
Security Boulevard