Google Security Blog
Get ready for the 2021 Google CTF
Posted by Kristoffer Janke, Information Security Engineer Are you ready for no sleep, no chill and a lot of hacking? Our annual Google CTF i...
h1-ctf - HackerOne
critical - ccc.h1ctf.com CTF
## Summary: Claiming the flag, writeup to follow. ## Impact .
h1-ctf - HackerOne
critical - Adam and the Deadly Injections
Hi team adding the flag here ``` ``` I will do the writeup in the below comments before the deadline itself Thanks Akshansh ## Impact ....
h1-ctf - HackerOne
critical - H1-CTF 100k Solution - Congratz on the 100k Rep todayisnew
Sharing the final flag for now. Writeup will come soon `` ## Impact Takeover of admin account :)
Project Zero Bug Tracker
Samsung NPU (Neural Processing Unit) out-of-bounds write in npu_session_format
Project Zero Bug Tracker
Windows: Kerberos AppContainer Enterprise Authentication Capability Bypass
Brave Software - HackerOne
high - Brave Browser Tor Window leaks user's real IP to the external DNS server (1000.00USD)
## Summary: When a user navigates to a URL in Tor Window, the DNS requests are sent directly without using the Tor proxy, which leaks the user's real IP address and the requested domain name to the user's ISP and the DNS server. ## Products affected: * OS: Ubuntu 18.04.5 LTS x86_64 * Brave: Version 1.18.78 Chromium: 87.0.4280.141 (Official Build) (64-bit) ## Steps To Reproduce: * Open...
Cisco Talos Intelligence Group
Vulnerability Spotlight: EIP Stack Group OpENer information disclosure vulnerability
error code: 1020
RET2 Systems Blog
Exploiting the notoriously unsafe gets() on a PAC-protected ARM64 binary
The latest efforts to harden software against exploitable memory corruption vulnerabilities come in the form of hardware-assisted control flow integrity and ...
arXiv.org
Side-Channel Attacks on RISC-V Processors: Current Progress, Challenges, and Opportunities
Side-channel attacks on microprocessors, like the RISC-V, exhibit security vulnerabilities that lead to several design challenges. Hence, it is imperative to study and analyze these security vulnerabilities comprehensively. In this paper, we present a brief yet comprehensive study of the security vulnerabilities in modern microprocessors with respect to side-channel attacks and their respective mitigation techniques. The focus of this paper is to analyze the hardware-exploitable side-channel attack using power consumption and software-exploitable side-channel attacks to manipulate cache. Towards this, we perform an in-depth analysis of the applicability and practical implications of cache attacks on RISC-V microprocessors and their associated challenges. Finally, based on the comparative study and our analysis, we highlight some key research directions to develop robust RISC-V microprocessors that are resilient to side-channel attacks.
Google Security Blog
Introducing SLSA, an End-to-End Framework for Supply Chain Integrity
Posted Kim Lewandowski, Google Open Source Security Team & Mark Lodato, Binary Authorization for Borg Team Supply chain integrity attacksu...
Zero Day Initiative
ZDI-21-502: An Information Disclosure Bug in ISC BIND server
Last year, we received a submission of a remote code execution vulnerability in the ISC BIND server. Later, that same anonymous researcher submitted a second bug in this popular DNS server. Similar to the first bug, it exists within the Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) co
arXiv.org
Detecting message modification attacks on the CAN bus with Temporal Convolutional Networks
Multiple attacks have shown that in-vehicle networks have vulnerabilities which can be exploited. Securing the Controller Area Network (CAN) for modern vehicles has become a necessary task for car manufacturers. Some attacks inject potentially large amount of fake messages into the CAN network; however, such attacks are relatively easy to detect. In more sophisticated attacks, the original messages are modified, making the detection a more complex problem. In this paper, we present a novel machine learning based intrusion detection method for CAN networks. We focus on detecting message modification attacks, which do not change the timing patterns of communications. Our proposed temporal convolutional network-based solution can learn the normal behavior of CAN signals and differentiate them from malicious ones. The method is evaluated on multiple CAN-bus message IDs from two public datasets including different types of attacks. Performance results show that our lightweight...
TTS Bug Bounty - HackerOne
high - Denial of service via cache poisoning on https://www.data.gov/
An attacker can persistently block access to any on https://www.data.gov/ by using cache poisoning with the h0st headers to cause 502 response code To replicate: load https://www.data.gov/ in your browser. look the burp , add ?xyzxyz=1 as cache buster , and add h0st headers h0st: wrtqvavjigwdvoqk in your burp. load https://www.data.gov/?xyzxyz=1 in your browser. again. and you win see 502...
UPchieve - HackerOne
high - Cross-origin resource sharing misconfig | steal user information
## Summary An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of the request. Trusting arbitrary origins effectively disables the same-origin policy,...
arXiv.org
Code Integrity Attestation for PLCs using Black Box Neural Network Predictions
Cyber-physical systems (CPSs) are widespread in critical domains, and significant damage can be caused if an attacker is able to modify the code of their programmable logic controllers (PLCs). Unfortunately, traditional techniques for attesting code integrity (i.e. verifying that it has not been modified) rely on firmware access or roots-of-trust, neither of which proprietary or legacy PLCs are likely to provide. In this paper, we propose a practical code integrity checking solution based on privacy-preserving black box models that instead attest the input/output behaviour of PLC programs. Using faithful offline copies of the PLC programs, we identify their most important inputs through an information flow analysis, execute them on multiple combinations to collect data, then train neural networks able to predict PLC outputs (i.e. actuator commands) from their inputs. By exploiting the black box nature of the model, our solution maintains the privacy of the original PLC code and does...
alpaca-attack.com
ALPACA Attack
News Introduction TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possi...
arXiv.org
Bivariate Polynomial Codes for Secure Distributed Matrix Multiplication
We consider the problem of secure distributed matrix multiplication. Coded computation has been shown to be an effective solution in distributed matrix multiplication, both providing privacy against workers and boosting the computation speed by efficiently mitigating stragglers. In this work, we present a non-direct secure extension of the recently introduced bivariate polynomial codes. Bivariate polynomial codes have been shown to be able to further speed up distributed matrix multiplication by exploiting the partial work done by the stragglers rather than completely ignoring them while reducing the upload communication cost and/or the workers' storage's capacity needs. We show that, especially for upload communication or storage constrained settings, the proposed approach reduces the average computation time of secure distributed matrix multiplication compared to its competitors in the literature.
Node.js - HackerOne
critical - Unexpected input validation of octal literals in nodejs v15.12.0 and below returns defined values for all undefined octal literals.
**Summary:** Unexpected input validation of octal literals in the nodejs implementation of V8 JavaScript engine V8 9.0.257.13 and below returns defined values for all undefined octal literals where otherwise should return undefined. Input data 08, 09... 078, 079 should return undefined, as evinced by 0o8, 0o9 etc. This affects ALL downstream nodejs software. An attacker could abuse a myriad of...
arXiv.org
A2MM: Mitigating Frontrunning, Transaction Reordering and Consensus Instability in Decentralized Exchanges
The asset trading volume on blockchain-based exchanges (DEX) increased substantially since the advent of Automated Market Makers (AMM). Yet, AMMs and their forks compete on the same blockchain, incurring unnecessary network and block-space overhead, by attracting sandwich attackers and arbitrage competitions. Moreover, conceptually speaking, a blockchain is one database, and we find little reason to partition this database into multiple competing exchanges, which then necessarily require price synchronization through arbitrage. This paper shows that DEX arbitrage and trade routing among similar AMMs can be performed efficiently and atomically on-chain within smart contracts. These insights lead us to create a new AMM design, an Automated Arbitrage Market Maker, short A2MM DEX. A2MM aims to unite multiple AMMs to reduce overheads, costs and increase blockchain security. With respect to Miner Extractable Value (MEV), A2MM serves as a decentralized design for users to atomically...