Events Related

  • BruCON –
    Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker community.


  • Western Digital drives vulnerable: BadUSB, EvilMaid –
    Most news sites are reporting about bad security in Western Digital hard drives. As presented at the other week, and from the Full Disclosure mailing list from a few days ago.
  • BoringSSL –
    We recently switched Google’s two billion line repository over to BoringSSL, our fork of OpenSSL. This means that BoringSSL is now powering Chromium (on nearly all platforms), Android M and Google’s production services.
  • Advanced x86: Introduction to BIOS & SMM –
    John’s work led to the “BIOS Chronomancy” work (published at both BlackHat and ACM CCS), porting the team’s existing Timing-Based Attestation system from the kernel level down to the BIOS.
  • Wadi Fuzzer –
    One can see the importance of fuzzing as one of the techniques used to test software security against malformed input leading to crashes and in some cases exploitable bugs.
  • lte –
    Presentation about the security features provided by the 3GPP specifications for LTE.


  • thc-ipv6 –
    IPv6 attack toolkit
  • Win10Pcap-Exploit –
    Exploit Win10Pcap Driver to enable some Privilege in our process token ( local Privilege escalation )
  • Mobile-Security-Framework-MobSF –
    Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis.

Vendor/Software Patches


  • Retrospection & Full PCAP Reveal Instances of XcodeGhost Dating Back to April 2015 –
    Last month when news broke of XcodeGhost, the iOS malware that infected apps on the Apple App Store, we retrospected our haystack for evidence of this malware across our customers. We quickly discovered that more than half of our customers had affected devices on their networks, with infections dating as far back as April 25th, 2015 (much earlier than reported by several news outlets).


  • X-Ray Scans Expose an Ingenious Chip-and-Pin Card Hack –
    The chip-enabled credit card system long used in Europe, a watered down version of which is rolling out for the first time in America, is meant to create a double check against fraud.In a so-called “chip-and-PIN” system, a would-be thief has to both steal a victim’s chip-enabled card and be able to enter the victim’s PIN.
  • Joomla SQL Injection Vulnerability Exploit Results in Full Administrative Access –
    Trustwave SpiderLabs researcher Asaf Orpani has discovered an SQL injection vulnerability in versions 3.2 through 3.4.4 of Joomla, a popular open-source Content Management System (CMS). Combining that vulnerability with other security weaknesses, our Trustwave SpiderLabs researchers are able to gain full administrative access to any vulnerable Joomla site.

Other News

  • Hacking for Security, and Getting Paid for It –
    Technology companies including Google, Facebook, Dropbox, Microsoft, Yahoo, PayPal and even the electric-car maker Tesla now offer hackers bounties for reporting the flaws they find in the companies’ wares.
  • Symantec Intelligence Report: September 2015 –
    Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks.
  • Congress Is Trying to Ban Car Hacking In Every Possible Form –
    Today, the House Energy and Commerce Committee began safety hearings with a proposed bill to reform the National Highway Traffic Safety Administration. That bill contains a provision which completely outlaws car owners from hacking their own cars.
  • Security researchers face wrath of spy agencies –
    Researchers tasked with revealing attacks by intelligence agencies are being harassed, locked out of tenders, and in some cases deported, Kaspersky researcher Juan Andrés Guerrero-Saade says.


Leave A Comment