#security-research

#cybersecurity

Germany drafts law to protect researchers who find security flaws

Germany is drafting a law to protect security researchers from criminal prosecution.
Responsible reporting of vulnerabilities will be legally shielded under the new law.

Zero Day Initiative - SolarWinds Access Rights Manager: One Vulnerability to LPE Them All

SolarWinds Access Rights Manager was found to have critical vulnerabilities that can lead to local privilege escalation on Windows systems.

Researchers find insecure SSH implementations everywhere

The research by runZero found numerous vulnerabilities in poorly secured SSH services, highlighting the importance of addressing security gaps in various devices.

#vulnerabilities

Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms | TechCrunch

Rookie security flaws in ransomware gangs' web infrastructure saved companies from paying hefty ransoms.

Google patches Quick Share for Windows to shut malware hole

Google's Quick Share for Windows had 10 now-fixed bugs, allowing remote code execution through a full RCE chain.

Zombie worm continues to infect millions of IPs years after it was left for dead

An old USB worm, self-replicating and backdooring devices, remains active on thousands if not millions of machines despite creators losing control.

Restricting Flipper is a Zero Accountability Approach to Security: Canadian Government Response to Car Hacking

Canada announces ban on Flipper Zero for keyless car theft.
Banning general-purpose devices like Flipper Zero hampers security research and technological development.

ALPHV/BlackCat gang vanishes amid ransomware 'turmoil' | Computer Weekly

ALPHV/BlackCat ransomware crew shut down server infrastructure amid allegations of stealing millions.
No law enforcement action involved in the takedown according to National Crime Agency report.
#hacking

German security researchers at risk of prosecution for "hacking" because of a plain text hardcoded password?

German law classifies security research as hacking, making it risky.
The court ruling in Germany considers circumventing a password protection mechanism as hacking.

AI-assisted bug reports make developers bear cost of cleanup

AI models like Google Bard and GitHub Copilot can generate inaccurate results and cause problems for industries like law and security research.
The reliance on AI tools for bug reporting can lead to an increase in plausible-sounding but inaccurate bug reports.
#data-leak

It's not all doom and gloom: When cybersecurity gave us hope in 2023 | TechCrunch

A security researcher found a Bangladeshi government website leaking citizens' personal information, which was eventually fixed by the country's computer emergency incident response team (CIRT).
The government sent an email thanking the researcher for their finding and reporting the bug, showing a willingness to engage in cybersecurity.

New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities

SnailLoad is a new side-channel attack that can remotely infer a user's web activity by exploiting network latency, without needing to be in proximity or conduct AitM attacks.