1 votes and 0 so far on reddit

by Luka Treiber, 0patch Team In April, Steven Seeley of Source Incite published a report  of a vulnerability in Foxit Reader and P...

RichFaces is one of the most popular component libraries for JavaServer Faces (JSF). In the past, two vulnerabilities (CVE-2013-2165 and CVE...

PineSec is a"CitySec" Information Security Meetup in Manchester, New Hampshire
Our topic for June is the Internet of Insecure Things.   Bring your favorite IoT gadget to be torn apart (literally or figuratively) for our amusement.
PineSec is an informal monthly…

Some time ago I detailed PHP Object Injection vulnerabilities and this post will get into details of Java deserialization vulnerabilities. The concept is simple: developers use a feature of the pro…

IoT attacks can be classified into three levels: Level 0 (attacking device with no authentication), Level 1 (guessing a weak/default…

According to reporting of trusted third parties, HIDDEN COBRA actors have likely been using both Joanap and Brambul malware since at least 2009 to target multiple victims globally and in the United States—including the media, aerospace, financial, and critical…

This blog post explains the story behind a bug which had existed in the Steam client for at least the last ten years, and until last July would have resulted in remote code execution (RCE) in all 15 million active clients. 

Proof of Stake protocols are in the spotlight as more and more high-profile blockchains attempt to switch over from Proof of Work…

Recently, the ASERT team at Arbor Networks, published a report on an old version of the Absolute Software product, Absolute LoJack for laptops, being illicitly modified by suspected APT28 actors. The LoJack implant, previously known

I was reading an article from Brian Krebs about the Real Jokers Stash and the crazy stuff that goes into the darkweb / cybercrime forums…

A hacker took control of Ticketfly's website and claims to have stolen the company's customer database.

Occasionally, one or several phases requiring physical access to a machine are included during Red Team exercises. This requires redesigning how to confront this type of particular scenarios. In this post, it is explained the physical intrusion process followed…

Schedule, talks and talk submissions for BSidesLisbon2018