Tag: flaws
-
Hacker News: Towards a test-suite for TOTP codes
Source URL: https://shkspr.mobi/blog/2025/03/towards-a-test-suite-for-totp-codes/ Source: Hacker News Title: Towards a test-suite for TOTP codes Feedly Summary: Comments AI Summary and Description: Yes Summary: The text critiques the TOTP (Time-based One-Time Password) specification, highlighting discrepancies between major implementations and emphasizing the need for consistency in security standards. The author has created a test suite to help identify…
-
The Register: Ransomware criminals love CISA’s KEV list – and that’s a bug, not a feature
Source URL: https://www.theregister.com/2025/02/28/cisa_kev_list_ransomware/ Source: The Register Title: Ransomware criminals love CISA’s KEV list – and that’s a bug, not a feature Feedly Summary: 1 in 3 entries are used to extort civilians, says new paper Fresh research suggests attackers are actively monitoring databases of vulnerabilities that are known to be useful in carrying out ransomware…
-
The Register: Wallbleed vulnerability unearths secrets of China’s Great Firewall 125 bytes at a time
Source URL: https://www.theregister.com/2025/02/27/wallbleed_vulnerability_great_firewall/ Source: The Register Title: Wallbleed vulnerability unearths secrets of China’s Great Firewall 125 bytes at a time Feedly Summary: Boffins poked around inside censorship engines for years before Beijing patched hole Smart folks investigating a memory-dumping vulnerability in the Great Firewall of China (GFW) finally released their findings after probing it for…
-
The Register: Bybit declares war on North Korea’s Lazarus crime-ring to regain $1.5B stolen from wallet
Source URL: https://www.theregister.com/2025/02/26/bybit_lazarus_bounty/ Source: The Register Title: Bybit declares war on North Korea’s Lazarus crime-ring to regain $1.5B stolen from wallet Feedly Summary: Up to $140M in bounty rewards for return of Ethereum allegedly pilfered by hermit nation Cryptocurrency exchange Bybit, just days after suspected North Korean operatives stole $1.5 billion in Ethereum from it,…
-
The Register: 200-plus impressively convincing GitHub repos are serving up malware
Source URL: https://www.theregister.com/2025/02/26/infosec_bytes/ Source: The Register Title: 200-plus impressively convincing GitHub repos are serving up malware Feedly Summary: Plus: DOGE staff quit; LastPass PC, Mac gasp; and CISA warns Oracle and Adobe flaws under attack Infosec bytes Kaspersky says it has found more than 200 GitHub repos hosting fairly convincing-looking fake projects laced with malicious…
-
The Register: MITRE Caldera security suite scores perfect 10 for insecurity
Source URL: https://www.theregister.com/2025/02/25/10_bug_mitre_caldera/ Source: The Register Title: MITRE Caldera security suite scores perfect 10 for insecurity Feedly Summary: Is a trivial remote-code execution hole in every version part of the training, or? The smart cookie who discovered a perfect 10-out-of-10-severity remote code execution (RCE) bug in MITRE’s Caldera security training platform has urged users to…
-
The Register: How nice that state-of-the-art LLMs reveal their reasoning … for miscreants to exploit
Source URL: https://www.theregister.com/2025/02/25/chain_of_thought_jailbreaking/ Source: The Register Title: How nice that state-of-the-art LLMs reveal their reasoning … for miscreants to exploit Feedly Summary: Blueprints shared for jail-breaking models that expose their chain-of-thought process Analysis AI models like OpenAI o1/o3, DeepSeek-R1, and Gemini 2.0 Flash Thinking can mimic human reasoning through a process called chain of thought.……
-
Rekt: ByBit – Rekt
Source URL: https://www.rekt.news/bybit-rekt Source: Rekt Title: ByBit – Rekt Feedly Summary: $1.43B heist on ByBit claims the throne on our Rekt Leaderboard! Lazarus pulled off the perfect digital sleight-of-hand, making multisig signers see legitimate transactions while signing away the keys to the kingdom. Now ByBit’s offering $140M to catch the hackers. AI Summary and Description:…
-
The Register: Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws
Source URL: https://www.theregister.com/2025/02/21/ivanti_traversal_flaw_poc_exploit/ Source: The Register Title: Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws Feedly Summary: PoC exploit code shows why this is a patch priority Security engineers have released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs, giving those who haven’t already installed patches released in…