vulnerabilities – SSL and internet security news

CVE Program Almost Unfunded

April 16, 2025 infossl

cybersecurity, dhs, national security policy, Security technology, Uncategorized, vulnerabilities

Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal. The CVE program is one of those pieces of common … Read More “CVE Program Almost Unfunded” »

AI Vulnerability Finding

April 11, 2025 infossl

AI, microsoft, Security technology, Uncategorized, vulnerabilities

Microsoft is reporting that its AI systems are able to find new vulnerabilities in source code: Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison. Additionally, 9 buffer overflows in parsing SquashFS, EXT4, CramFS, JFFS2, and symlinks were discovered in U-Boot and … Read More “AI Vulnerability Finding” »

The Signal Chat Leak and the NSA

March 31, 2025 infossl

defense, Department of Defense, Security technology, signal, Uncategorized, vulnerabilities

US National Security Advisor Mike Waltz, who started the now-infamous group chat coordinating a US attack against the Yemen-based Houthis on March 15, is seemingly now suggesting that the secure messaging service Signal has security vulnerabilities. “I didn’t see this loser in the group,” Waltz told Fox News about Atlantic editor in chief Jeffrey Goldberg, whom Waltz invited to the chat. … Read More “The Signal Chat Leak and the NSA” »

CISA Identifies Five New Vulnerabilities Currently Being Exploited

March 5, 2025 infossl

privilege escalation, Security technology, Uncategorized, vulnerabilities

Of the five, one is a Windows vulnerability, another is a Cisco vulnerability. We don’t have any details about who is exploiting them, or how. News article. Slashdot thread. Powered by WPeMatico

New Windows IPv6 Zero-Click Vulnerability

August 16, 2024 infossl

microsoft, patching, Security technology, Uncategorized, vulnerabilities, windows

The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an “exploitation more likely” label, … Read More “New Windows IPv6 Zero-Click Vulnerability” »

Nearly 7% of Internet Traffic Is Malicious

July 31, 2024 infossl

denial of service, malware, Security technology, spam, Uncategorized, vulnerabilities

Cloudflare reports on the state of applications security. It claims that 6.8% of Internet traffic is malicious. And that CVEs are exploited as quickly as 22 minutes after proof-of-concepts are published. News articles. Powered by WPeMatico

Compromising the Secure Boot Process

July 26, 2024 infossl

cryptography, encryption, keys, passwords, Security technology, supply chain, Uncategorized, vulnerabilities

This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December … Read More “Compromising the Secure Boot Process” »

RADIUS Vulnerability

July 10, 2024 infossl

academic papers, authentication, man-in-the-middle attacks, protocols, Security technology, Uncategorized, vulnerabilities

New attack against the RADIUS authentication protocol: The Blast-RADIUS attack allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request. This forgery could give the attacker access to network devices and services without the attacker guessing or brute forcing passwords or … Read More “RADIUS Vulnerability” »

New Open SSH Vulnerability

July 3, 2024 infossl

Security technology, ssh, Uncategorized, vulnerabilities

It’s a serious one: The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration. […] This vulnerability, if exploited, could lead to full system compromise … Read More “New Open SSH Vulnerability” »

Using LLMs to Exploit Vulnerabilities

June 17, 2024 infossl

academic papers, artificial intelligence, cyberattack, cybersecurity, LLM, Security technology, Uncategorized, vulnerabilities, zero-day

Interesting research: “Teams of LLM Agents can Exploit Zero-Day Vulnerabilities.” Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the vulnerability and toy capture-the-flag problems. However, these agents still perform poorly on real-world vulnerabilities that are … Read More “Using LLMs to Exploit Vulnerabilities” »