Tag: Security Flaw
-
Hacker News: Towards a test-suite for TOTP codes
Source URL: https://shkspr.mobi/blog/2025/03/towards-a-test-suite-for-totp-codes/
Source: Hacker News
Title: Towards a test-suite for TOTP codes
Feedly Summary: Comments
AI Summary and Description: Yes
Summary: The text critiques the TOTP (Time-based One-Time Password) specification, highlighting discrepancies between major implementations and emphasizing the need for consistency in security standards. The author has created a test suite to help identify…
-
The Register: Ransomware criminals love CISA’s KEV list – and that’s a bug, not a feature
Source URL: https://www.theregister.com/2025/02/28/cisa_kev_list_ransomware/
Source: The Register
Title: Ransomware criminals love CISA’s KEV list – and that’s a bug, not a feature
Feedly Summary: 1 in 3 entries are used to extort civilians, says new paper
Fresh research suggests attackers are actively monitoring databases of vulnerabilities that are known to be useful in carrying out ransomware…
-
The Register: Wallbleed vulnerability unearths secrets of China’s Great Firewall 125 bytes at a time
Source URL: https://www.theregister.com/2025/02/27/wallbleed_vulnerability_great_firewall/
Source: The Register
Title: Wallbleed vulnerability unearths secrets of China’s Great Firewall 125 bytes at a time
Feedly Summary: Boffins poked around inside censorship engines for years before Beijing patched hole
Smart folks investigating a memory-dumping vulnerability in the Great Firewall of China (GFW) finally released their findings after probing it for…
-
The Register: MITRE Caldera security suite scores perfect 10 for insecurity
Source URL: https://www.theregister.com/2025/02/25/10_bug_mitre_caldera/
Source: The Register
Title: MITRE Caldera security suite scores perfect 10 for insecurity
Feedly Summary: Is a trivial remote-code execution hole in every version part of the training, or?
The smart cookie who discovered a perfect 10-out-of-10-severity remote code execution (RCE) bug in MITRE’s Caldera security training platform has urged users to…
-
Rekt: ByBit – Rekt
Source URL: https://www.rekt.news/bybit-rekt
Source: Rekt
Title: ByBit – Rekt
Feedly Summary: $1.43B heist on ByBit claims the throne on our Rekt Leaderboard! Lazarus pulled off the perfect digital sleight-of-hand, making multisig signers see legitimate transactions while signing away the keys to the kingdom. Now ByBit’s offering $140M to catch the hackers.
AI Summary and Description:…
-
The Register: Oops, some of our customers’ Power Pages sites were exploited, says Microsoft
Source URL: https://www.theregister.com/2025/02/20/microsoft_patch_power_pages/
Source: The Register
Title: Oops, some of our customers’ Power Pages sites were exploited, says Microsoft
Feedly Summary: Don’t think this is SaaS and you can relax: Redmond wants a few of you to check your websites
Microsoft has fixed a security flaw in its Power Pages website-building SaaS, after criminals got…
-
Hacker News: Wyden Releases Draft Bill to Secure Americans’ Communications
Source URL: https://www.wyden.senate.gov/news/press-releases/wyden-releases-draft-bill-to-secure-americans-communications-against-foreign-surveillance-demands
Source: Hacker News
Title: Wyden Releases Draft Bill to Secure Americans’ Communications
Feedly Summary: Comments
AI Summary and Description: Yes
Summary: The Global Trust in American Online Services Act, introduced by Senator Ron Wyden, aims to amend the CLOUD Act and strengthen protections against foreign surveillance demands that compromise the security of…
-
Hacker News: DOGE’s ‘Genius’ Coders Launch Website So Full of Holes, Anyone Can Write to It
Source URL: https://www.techdirt.com/2025/02/14/doges-genius-coders-launch-website-so-full-of-holes-anyone-can-write-to-it/
Source: Hacker News
Title: DOGE’s ‘Genius’ Coders Launch Website So Full of Holes, Anyone Can Write to It
Feedly Summary: Comments
AI Summary and Description: Yes
**Summary:** The DOGE website, associated with Elon Musk and purportedly intended to enhance government efficiency, has exposed significant security vulnerabilities, allowing anyone to write to its…