"This paper presents the first systematic approach for detecting and exploiting Object Injection Vulnerabilities in .NET applications including the framework and libraries."

https://www.ndss-symposium.org/ndss-paper/serialdetector-principled-and-practical-exploration-of-object-injection-vulnerabilities-for-the-web/

Критика нашумевшей статьи о новом алгоритме факторизации, который (цитата): "...destroys the RSA cryptosystem": https://crypto.stackexchange.com/questions/88582/does-schnorrs-2021-factoring-method-show-that-the-rsa-cryptosystem-is-not-secur

TL/DR: сенсации в этот раз не случилось, увы.

Quantum Collision Attacks on Reduced SHA-256 and SHA-512

"In this paper, we for the first time show dedicated quantum collision attacks on SHA-256 and SHA-512. The attacks reach 38 and 39 steps, respectively, which significantly improve the classical attacks for 31 and 27 steps. Both attacks adopt the framework of the previous work that converts many semi-free-start collisions into a 2-block collision, and are faster than the generic attack in the cost metric of time-space tradeoff. We observe that the number of required semi-free-start collisions can be reduced in the quantum setting, which allows us to convert the previous classical 38 and 39 step semi-free-start collisions into a collision. The idea behind our attacks is simple and will also be applicable to other cryptographic hash functions."

https://eprint.iacr.org/2021/292

The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts

"In recent years, Ethereum gained tremendously in popularity, growing from a daily transaction average of 10K in January 2016 to an average of 500K in January 2020. Similarly, smart contracts began to carry more value, making them appealing targets for attackers. As a result, they started to become victims of attacks, costing millions of dollars. In response to these attacks, both academia and industry proposed a plethora of tools to scan smart contracts for vulnerabilities before deploying them on the blockchain. However, most of these tools solely focus on detecting vulnerabilities and not attacks, let alone quantifying or tracing the number of stolen assets. In this paper, we present Horus, a framework that empowers the automated detection and investigation of smart contract attacks based on logic-driven and graph-driven analysis of transactions. Horus provides quick means to quantify and trace the flow of stolen assets across the Ethereum blockchain. We perform a large-scale analysis of all the smart contracts deployed on Ethereum until May 2020. We identified 1,888 attacked smart contracts and 8,095 adversarial transactions in the wild. Our investigation shows that the number of attacks did not necessarily decrease over the past few years, but for some vulnerabilities remained constant. Finally, we also demonstrate the practicality of our framework via an in-depth analysis on the recent Uniswap and Lendf.me attacks."

https://eprint.iacr.org/2021/284

ghidra_nodejs

GHIDRA plugin to parse, disassemble and decompile NodeJS Bytenode (JSC) binaries.

https://github.com/PositiveTechnologies/ghidra_nodejs

Lord of the Ring(s): Side Channel Attacks on the
CPU On-Chip Ring Interconnect Are Practical

We introduce the first microarchitectural side channel attacks that leverage contention on the CPU ring interconnect.

https://arxiv.org/pdf/2103.03443.pdf
https://github.com/FPSG-UIUC/lotr

Торговля лицом FTW https://habr.com/ru/company/ruvds/blog/546026/

Deep Learning for Symbolic Mathematics

Neural networks have a reputation for being better at solving statistical or approximate problems than at performing calculations or working with symbolic data. In this paper, we show that they can be surprisingly good at more elaborated tasks
in mathematics, such as symbolic integration and solving differential equations. We propose a syntax for representing mathematical problems, and methods for generating large datasets that can be used to train sequence-to-sequence models. We achieve results that outperform commercial Computer Algebra Systems such as Matlab or Mathematica.

https://arxiv.org/pdf/1912.01412.pdf

A Spectre proof-of-concept for a Spectre-proof web

In this post, we will share the results of Google Security Team's research on the exploitability of Spectre against web users, and present a fast, versatile proof-of-concept (PoC) written in JavaScript which can leak information from the browser's memory. We've confirmed that this proof-of-concept, or its variants, function across a variety of operating systems, processor architectures, and hardware generations.

https://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html