Found 34 bookmarks
Custom sorting
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. Download Slides Download Whitepaper
·blackhat.com·
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. Download Slides Download Whitepaper
·blackhat.com·
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. Download Slides Download Whitepaper
·blackhat.com·
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. Download Slides Download Whitepaper
·blackhat.com·
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. Download Slides Download Whitepaper
·blackhat.com·
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. Download Slides Download Whitepaper
·blackhat.com·
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. Download Slides Download Whitepaper
·blackhat.com·
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone.
·rambo.codes·
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
Heap memory corruption with RSA private key operation (CVE-2022-2274)
Heap memory corruption with RSA private key operation (CVE-2022-2274)
Severity: High The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation.
·openssl.org·
Heap memory corruption with RSA private key operation (CVE-2022-2274)
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. Download Slides Download Whitepaper
·blackhat.com·
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs)
Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs)
If you use an Apple Macbook, it’s likely that you have a secret enclave for important secrets — such as your encryption keys. These keys define the core of the trust infrastructure on the device — and protect applications from stealing these secrets. The TEE also allows isolation between code which is fully trusted, and code that cannot be fully trusted. If this did not happen, we could install applications on our computer which would discover our login password and steal the encryption used used to key things secret and trusted.
·medium.com·
Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs)
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog, said in a technical write-up published Tuesday.
·thehackernews.com·
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone.
·rambo.codes·
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
Heap memory corruption with RSA private key operation (CVE-2022-2274)
Heap memory corruption with RSA private key operation (CVE-2022-2274)
Severity: High The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation.
·openssl.org·
Heap memory corruption with RSA private key operation (CVE-2022-2274)
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. [Download Slides](http://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Fitzl-macOS-vulnerabilities-hiding-in-plain-sight.pdf) [Download Whitepaper](http://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Fitzl-macOS-vulnerabilities-hiding-in-plain-sight-wp.pdf)
·blackhat.com·
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs)
Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs)
If you use an Apple Macbook, it’s likely that you have a secret enclave for important secrets — such as your encryption keys. These keys define the core of the trust infrastructure on the device — and protect applications from stealing these secrets. The TEE also allows isolation between code which is fully trusted, and code that cannot be fully trusted. If this did not happen, we could install applications on our computer which would discover our login password and steal the encryption used used to key things secret and trusted.
·medium.com·
Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs)
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog, said in a technical write-up published Tuesday.
·thehackernews.com·
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
Heap memory corruption with RSA private key operation (CVE-2022-2274)
Heap memory corruption with RSA private key operation (CVE-2022-2274)
Severity: High The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation.
·openssl.org·
Heap memory corruption with RSA private key operation (CVE-2022-2274)