[CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections security linux Article 2891 words 7 votes
Kaspersky vulnerabilities: uninstalling any Chrome extension, tracking users in incognito or different browsers, and controlling functionality with links security Article 2761 words 9 votes
Multiple Fortinet products communicate with FortiGuard services while only "encrypting" sensitive user data using XOR with a hardcoded key security privacy Article 912 words 9 votes
Bad Binder: A use-after-free exploit in Binder in the Android kernel that was being exploited in the wild security Article 2653 words 5 votes
Explanation and proof-of-concept exploitation of a vulnerability in the "docker cp" command that enabled full container escape and root control of the host security Article 1487 words 6 votes
Infectious Executable Stacks and GCC's extension that allows closures in C programming languages security Article 922 words 7 votes
Announcing GitHub Security Lab: securing the world’s code, together security open source Article 922 words 5 votes
Bytecode Alliance: Building a secure by default, composable future for WebAssembly security web development Article 5026 words 9 votes
The benefits of test-case reduction, and tools that can help do it automatically security Article 4756 words 3 votes
Chrome 0-day exploit CVE-2019-13720 used a race condition and a Use-After-Free to install persistent malware on Windows security Article 1264 words 10 votes
Cloudflare's implementation of the Network Time Security protocol, written in Rust security Article 2545 words 8 votes
Certbot usability case study: Making it easier to get HTTPS certificates security Article 6227 words 12 votes
Critical security issue identified in iTerm2 as part of Mozilla open source audit security Article 453 words 12 votes
How a double-free bug in WhatsApp for Android could be turned into a remote code execution vulnerability security Article 1104 words 6 votes
New DDoS vector observed in the wild leveraging WS-Discovery for amplification, attacks hitting 35 Gbps security Article 2577 words 11 votes
The researcher who published the Steam Windows privilege-escalation exploit two weeks ago has published a second zero-day security Article 1891 words 13 votes
Report: Data Breach in Biometric Security Platform Affecting Millions of Users security Article 1379 words 8 votes
Down the Rabbit Hole: Reverse-engineering the Windows Text Services Framework and discovering major vulnerabilities that have existed for almost 20 years security Article 3672 words 8 votes
Netflix has discovered multiple vulnerabilities in HTTP/2 implementations that can be used in denial of service attacks security Link 14 votes
Coinbase describes their investigation and response to a sophisticated phishing attack on their employees utilizing two Firefox zero-day vulnerabilities security Article 1629 words 10 votes
Local Privilege Escalation exploit found in Steam Windows client - Valve rejected the report, and HackerOne tried to forbid disclosure security Article 1475 words 12 votes
An Introduction to Mobile Networks, SIM Cards, and GSM. hardware security Video 11:09, published Oct 5 2018 9 votes
Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception security Article 2403 words, published Mar 18 2019 9 votes
Introducing time.cloudflare.com, a free time service that supports both NTP and the emerging Network Time Security (NTS) protocol for securing NTP security Article 2349 words 13 votes
Google Project Zero researcher releases denial-of-service vulnerability in Windows SymCrypt library security Article 990 words 9 votes
I’m harvesting credit card numbers and passwords from your site. Here’s how. security Article 17 votes
Tor Browser for Android 8.5 offers mobile users privacy boost privacy security Article 433 words 3 votes
Git ransom campaign incident report—Atlassian Bitbucket, GitHub, GitLab security Article 1147 words 14 votes
CPU.fail - Multiple attacks against modern Intel CPUs disclosed (ZombieLoad, RIDL, Fallout) security Link 43 votes
The Trade Secret: Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers security Article 9166 words 9 votes
Matrix.org - Post-mortem and remediations for Apr 11 security incident security Article 6493 words 9 votes
Buckeye (cyber espionage group linked to China) was using NSA hacking tools at least a year before the Shadow Brokers leak security Article 1778 words 5 votes