Critical RCE vulnerabilities in SaltStack result in server breaches for LineageOS, Ghost, DigiCert, and more
15
votes
Showing only topics with the tag "security".
Back to normal view
-
-
Building a secure DNS infrastructure like SecureDNS.eu
5 votes -
Explanation of how a one-line change in the Windows 10 kernel enabled a sandbox escape in Chrome/Edge/Firefox
6 votes -
Multiple vulnerabilities affecting the default Mail application on iOS since at least January 2018, with evidence of being exploited in targeted attacks
10 votes -
Userdir URLs like https://example.org/~username/ are dangerous
5 votes -
Webcam Hacking—The story of how I gained unauthorized Camera access on iOS and macOS
4 votes -
Speeding up Linux disk encryption
8 votes -
Notes on auth token persistence
5 votes -
Full Report on the Voatz Mobile Voting Platform
5 votes -
The main Avast antivirus service contained a custom JavaScript interpreter, enabling wormable pre-auth RCEs. Avast has now disabled the emulator in response to a vulnerability report
13 votes -
Don’t try to sanitize input. Escape output
6 votes -
A vulnerability has been found in the ROM of the Intel Converged Security and Management Engine
8 votes -
Let's Encrypt is revoking about 2.6% of active certificates on March 4th due to a bug in their CAA code
18 votes -
Have I Been Pwned is no longer being sold, and Troy Hunt will continue running it independently
29 votes -
Let's Encrypt has issued one billion certificates
12 votes -
Defeating a Laptop's BIOS Password
13 votes -
Security researcher hacks SlickWraps, publishes a disclosure
8 votes -
Security things in Linux v5.4
4 votes -
OpenSSH 8.2 released - disables the legacy "ssh-rsa" algorithm, adds support for FIDO/U2F hardware tokens
12 votes -
Reverse engineering Blind's API and client side encryption
4 votes -
Sometimes you have to stick a screwdriver in it (or how to liberate a Chromebook in ten easy steps)
8 votes -
Dangerous Domain Corp.com Goes Up for Sale
21 votes -
Hey Cortana, how do I do a crime?
9 votes -
Building a simple VPN with WireGuard and a Raspberry Pi
6 votes -
Transparent and verifiable electronic elections are technically feasible, but the techniques used are not actually viable for running most elections—and definitely not for remote voting
5 votes -
LPE and RCE in OpenSMTPD (CVE-2020-7247)
6 votes -
Locking down the EC2 Instance Metadata Service: Announcing imds-filterd
2 votes -
Exploiting the Windows CryptoAPI vulnerability
6 votes -
The Bug That Exposed Your PayPal Password
17 votes -
Multiple vulnerabilities discovered in TikTok enabling sending arbitrary links through SMS, exposing private account data, and more
11 votes -
BusKill: A kill cord for your laptop
13 votes -
The strange story of “Extended Random”
8 votes -
WireGuard VPN slated for inclusion in Linux 5.6
11 votes -
[CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections
7 votes -
Email authentication: SPF, DKIM and DMARC out in the wild
8 votes -
Beware of shell globs
9 votes -
Kaspersky vulnerabilities: uninstalling any Chrome extension, tracking users in incognito or different browsers, and controlling functionality with links
9 votes -
Multiple Fortinet products communicate with FortiGuard services while only "encrypting" sensitive user data using XOR with a hardcoded key
9 votes -
Bad Binder: A use-after-free exploit in Binder in the Android kernel that was being exploited in the wild
5 votes -
Explanation and proof-of-concept exploitation of a vulnerability in the "docker cp" command that enabled full container escape and root control of the host
6 votes -
Infectious Executable Stacks and GCC's extension that allows closures in C
7 votes -
security things in Linux v5.3
5 votes -
Announcing GitHub Security Lab: securing the world’s code, together
5 votes -
Bytecode Alliance: Building a secure by default, composable future for WebAssembly
9 votes -
The benefits of test-case reduction, and tools that can help do it automatically
3 votes -
Chrome 0-day exploit CVE-2019-13720 used a race condition and a Use-After-Free to install persistent malware on Windows
10 votes -
Cloudflare's implementation of the Network Time Security protocol, written in Rust
8 votes -
Certbot usability case study: Making it easier to get HTTPS certificates
12 votes -
Critical security issue identified in iTerm2 as part of Mozilla open source audit
12 votes -
Minerva: A group of side-channel vulnerabilities in implementations of ECDSA/EdDSA
7 votes