TrueFire Guitar Tutoring Website Suffers Magecart-style Credit Card Breach

Online guitar tutoring website TrueFire has apparently suffered a ‘Magecart’-style data breach that may have exposed its customers’ personal and payment card information.

TrueFire is one of the popular g…

Critical Patch Released for ‘Wormable’ SMBv3 Vulnerability — Install It ASAP!

Microsoft today finally released an emergency software update to patch the recently disclosed, very dangerous vulnerability in the SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to an…

Ransomware

Hardly a week (sometimes a day??) passes without some mention of ransomware, and another organization or municipality (or three) feeling the impact of a ransomware attack. In fact, just recently, the City of Durham, NC, was hit with a Ryuk ransomware i…

Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks

Remember the Rowhammer vulnerability? It is a critical issue affecting modern DRAM (dynamic random access memory) chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells to induce bit flips.

LVI Attacks: New Intel CPU Vulnerability Puts Data Centers At Risk

It appears there is no end in sight to the hardware-level security vulnerabilities in Intel processors, or to the endless ‘performance killing’ patches that resolve them.

Modern Intel CPUs have now been found vulnerable to a new attack that in…

Ex-CIA Accused of Leaking Secret Hacking Tools to WikiLeaks Gets Mistrial

A federal judge in New York on Monday declared a mistrial in the case of a former CIA software engineer who was accused of stealing a massive trove of the agency’s classified hacking tools and leaking it to the WikiLeaks whistleblower website.

While t…

Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers

US-CERT today issued an advisory warning users of a new, dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux-based operating systems, as well as powers the firmware…

New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices

Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a billion devices, including smartphones, tablets, laptops, route…