Multiple critical vulnerabilities were found in the Intel Management Engine, Trusted Execution Engine and Server Platform Services by Intel audit after 3rd party researchers reported the privilege escalation vulnerability.
If you have a vulnerable F5, basically attackers can sign anything with your RSA private key. An F5 BIG-IP virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages.
MalwareHunterTeam discovered a new variant of the CryptoMix ransomware. It uses hardcoded RSA keys and can work offline.
Attackers are using Microsoft’s Office documents Dynamic Data Exchange protocol to download and install malware. Microsoft does not consider it a vulnerability.
Nice step by step guide on how to put shellcode into a legitimate PE file, and make it undetectable.
Extensive review of U2F hardware devices.
al-khaser is a PoC malware with good intentions that aims to stress your anti-malware system. It performs a bunch of nowadays malware tricks and the goal is to see if you stay under the radar.
Puffs is a domain-specific language and library for parsing untrusted file formats safely. Examples of such file formats include images, audio, video, fonts and compressed archives.
Researchers exploited antivirus software quarantine mechanism to gain privileges by manipulating the restore process from the virus quarantine. By abusing NTFS directory junctions, the AV quarantine restore process can be manipulated, so that previously quarantined files can be written to arbitrary file system locations.
Wikileaks released source code of leaked CIA hacking tools and it indicates that the CIA used fake certificates attributed to Kaspersky Labs for signing their malware.
A security researcher has discovered factory application in OnePlus devices. It can be used to gain root privileges, dump photos, collect WiFi & GPS information.
Researchers from the Princeton university have been studying third-party trackers that record sensitive personal data that users type into websites, and the results are not good.
iPhone X's Face ID facial recognition security mechanism system was circumvented by Vietnam experts using a 3D mask.
Security researcher Maxim Goryachy reports being able to execute unsigned code on computers running the Intel Management Engine through USB.
Deep dive into the Facebook sextorcism scheme using fake young girls profiles by the guys from Marseille.
Long read about how the security breaches by the Shadow Brokers damaged the US National Security Agency.
Analysis of a low cost Chinese GSM listening and location device hidden inside the plug of a standard USB data/charging cable.
Privacy Pass is a browser extension for Chrome and Firefox, which uses privacy-preserving cryptography to allow users to authenticate to the services without compromising their anonymity. It uses blind signature schemes.