Vulnerability Disclosure
Cybersecurity Insights with Contrast CISO David Lindner | 8/30/24
Insight #1: North Korean IT spies. The threat of state-sponsored cyber espionage is real and evolving. Recent reports reveal North Korean IT professionals are using stolen identities and advanced tactics to infiltrate ...
Out of the kernel, into the tokens
By Max Ammann and Emilio López. Our application security team leaves no stone unturned; our audits dive deeply into areas ranging from device firmware, operating system kernels, and cloud systems to widely ...
Breaking the shared key in threshold signature schemes
By Fredrik Dahlgren. Today we are disclosing a denial-of-service vulnerability that affects the Pedersen distributed key generation (DKG) phase of a number of threshold signature scheme implementations based on the Frost, DMZ21, ...
LeftoverLocals: Listening to LLM responses through leaked GPU local memory
By Tyler Sorensen and Heidy Khlaaf. We are disclosing LeftoverLocals: a vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs ...
Billion times emptiness
By Max Ammann. Behind Ethereum’s powerful blockchain technology lies a lesser-known challenge that blockchain developers face: the intricacies of writing robust Ethereum ABI (Application Binary Interface) parsers. Ethereum’s ABI is critical to ...
Struts2 CVE-2023-50164 by the numbers
Over the past few years, a not-so-great holiday season tradition has been critical security vulnerabilities that come out at the last minute, prompting action and fast responses at a time when resources ...
Supermicro IPMI Firmware Vulnerabilities Disclosed
A number of security flaws have recently been discovered in Supermicro’s baseboard management controllers (BMCs). These Supermicro IPMI firmware vulnerabilities in the Intelligent Platform Management Interface (IPMI) pose serious dangers, including privilege ...
Google Pixel Can be Unlocked via SIM Swap (Other Android Phones, Too)
A Hungarian researcher found a nasty Android security bug: Malicious people can unlock your phone ...
A New OpenSSL Vulnerability Is Coming – Get Ready to Patch
On Tuesday 1st of November, between 1-5pm UTC a new version of the widely adopted OpenSSL 3.x series will be released for general consumption. The OpenSSL project announced this in their mailing ...
Assura Announces Discovery of Two Vulnerabilities in Quicklert for Digium Switchvox
TL;DR: Today Assura is announcing the discovery of two new vulnerabilities in Quicklert for Digium Switchvox. Late in 2021, Assura’s Offensive Security Operations team conducted a penetration test that uncovered two critical severity ...