Proof-of-concept exploits published for the Microsoft-NSA crypto bug

Thursday, January 16th, 2020

Security researchers have published earlier today proof-of-concept (PoC) code for exploiting a recently-patched vulnerability in the Windows operating system, a vulnerability that has been reported to Microsoft by the US National Security Agency (NSA). The bug, which some have started calling CurveBall, impacts CryptoAPI (Crypt32.dll), the component that handles cryptographic operations ...

The EFAIL vulnerability – why it’s OK to keep on using email

Tuesday, May 15th, 2018

This week’s bug of the month is the trendily-named EFAIL. Like many groovy bugs these days, it’s both a BWAIN (bug with an impressive name) and a BWIVOL (bug with its very own logo, shown in the image at the top of this article). The name is a pun of sorts on ...

New “Quad9” DNS service blocks malicious domains for everyone

Thursday, November 16th, 2017

The Global Cyber Alliance (GCA)—an organization founded by law enforcement and research organizations to help reduce cyber-crime—has partnered with IBM and Packet Clearing House to launch a free public Domain Name Service system. That system is intended to block domains associated with botnets, phishing attacks, and other malicious Internet hosts—primarily ...

Researcher discloses 10 D-Link zero-day router flaws

Monday, September 11th, 2017

When a zero-day vulnerability becomes public, of which by its nature no patches or fixes are available at the time, one is enough for vendors to come to terms with in order to rapidly devise a solution. D-Link now has 10 such previously-unknown bugs on its plate to fix. Last week, security ...

Hardcoded Credentials Expose Customers of AT&T U-Verse

Friday, September 1st, 2017

On August 31, 2017, Nomotion released five vulnerabilities for two Arris modems used by AT&T U-Verse customers in the US. The vulnerabilities are of the following types: Hardcoded Credentials (CWE-798) Information Exposure (CWE-200) Authenticated Command Injection (CWE-78) Firewall Bypass (CWE-653) The hardcoded credentials give attackers access to the device via SSH or HTTP/HTTPS. ...