Category: Exploits & Attacks

Home | The Security Cards: A Security Threat Brainstorming Kit

The University of Washington has developed a set of 42 playing cards for modeling security and privacy threats. The cards encourage you to brainstorm about potential threats along 4 dimensions: Read More

In an interesting turn, Hajime is a vigilante-style project intended to disrupt Mirai and similar IoT botnets.

The Shadow Brokers released nation-state NSA exploits and Rapid7 researchers explain what this means in a concise article, worth a read.

Think about it. We’ve been sending spacecraft into orbit and beyond for 50 years. Information security was not a primary concern. Many of these systems are IoT devices, in practice, and they won’t all have strong authentication processes or be updatable, so what is the impact if someone hacks a NASA probe? NASA chief has big concerns.

In literally less than 1 week after Apple released iOS 10.3 to remedy 70 vulnerabilities, an overflow bug is discovered by Google Zero team, leading to today’s iOS 10.3.1 patch. Be sure to go to Settings –> General –> Software Update on your iOS device and ensure you have the latest patches.

https://www.scmagazine.com/buffer-overflow-bug-patched-in-latest-ios-update/article/648280/

“Yesterday, at the BlackHat Asia 2017 security conference, researchers from cyber-security firm Cylance disclosed two vulnerabilities in the firmware of Gigabyte BRIX small computing devices, which allow an attacker to write malicious content to the UEFI firmware.”