Loading...

Month: March 2019

VMware Releases Security Updates

Original release date: March 29, 2019 VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and [ … ]

TLS CBC Padding Oracles in 2019

*UPDATE: Padcheck source is now available on GitHub: https://github.com/Tripwire/padcheck* Since August, I’ve spent countless hours studying CBC padding oracle attacks toward the development of a new scan tool called padcheck. Using this tool, I was able to identify thousands of [ … ]

What is Zombie POODLE?

This post is one in a series of posts describing TLS CBC padding oracles I have identified on popular web sites. The other posts in this series include an overview of CBC padding oracles, a walkthrough of how I came [ … ]

What is GOLDENDOODLE Attack?

This post is one in a series of posts describing TLS CBC padding oracles I have identified on popular web sites. The other posts in this series include an overview of CBC padding oracles, a walkthrough of how I came [ … ]

Massively invasive Italian spyware campaign found on Google Play

The non-profit security organization Security Without Borders (SWB) has identified a campaign utilizing Italian-language service applications from mobile operators apps that instead of doing their stated function are in fact spyware. The groups report stated that dozens of infected apps [ … ]

NSA-Inspired Vulnerability Found in Huawei Laptops

This is an interesting story of a serious vulnerability in a Huawei driver that Microsoft found. The vulnerability is similar in style to the NSA’s DOUBLEPULSAR that was leaked by the Shadow Brokers — believed to be the Russian government [ … ]