Multiple Vulnerabilities Found in Hickory Smart Lock

Multiple Vulnerabilities Found in Hickory Smart Lock

Recently, the Rapid7 security research team discovered multiple security vulnerabilities in the Hickory Bluetooth smart series BlueTooth Enabled Deadbolt locks. The vulnerabilities involve its mobile app and cloud-hosted web services and MQTT protocol.As of the vulnerability disclosure deadline, Hickory had not acknowledged these vulnerabilities nor released any patches or fixes. Introduction to Hickory Smart Bluetooth … Read more

Exclusive | Zou Chunming: Information Security and Protection Levels of Industrial Control Systems (Full PPT Attached)

Exclusive | Zou Chunming: Information Security and Protection Levels of Industrial Control Systems (Full PPT Attached)

Click the image to learn more details! Introduction On September 12, 2018, the “2018 7th Industrial Control System Information Security Summit – Guangzhou Station” was grandly held at the San Yu Hotel in Guangzhou, hosted by the Industrial Control System Information Security Industry Alliance (hereinafter referred to as the Industrial Security Industry Alliance) and the … Read more

Discussing Hacking Techniques for DJI Drones at 315 Evening Gala

Discussing Hacking Techniques for DJI Drones at 315 Evening Gala

This year’s 315 Evening Gala exposed six categories of smart hardware or technology-related products, including drones, smart buildings, smart homes, security cameras, card POS machines, and smart cars. Among them, the DJI drone was showcased as a case of being hijacked by hackers in the information security segment. According to reports from CCTV, under the … Read more

Chinese Professor’s Actions Spark Outrage After Linux Kernel Blacklists University for Submitting Vulnerabilities

Chinese Professor's Actions Spark Outrage After Linux Kernel Blacklists University for Submitting Vulnerabilities

Author | Xu Xuanjuan“Even if you can provide evidence that those patches are effective, why are we actually wasting time doing extra work?” Linus Torvalds must be furious. Recently, Greg Kroah-Hartman, the maintainer of the Linux kernel stable branch, blacklisted the University of Minnesota (UMN), prohibiting it from submitting patches to the mainline Linux kernel. … Read more

Wormable AirPlay Vulnerabilities: Zero-Click Remote Control of Apple Devices in Public Wi-Fi Environments

Wormable AirPlay Vulnerabilities: Zero-Click Remote Control of Apple Devices in Public Wi-Fi Environments

Cybersecurity researchers have recently disclosed a series of security vulnerabilities in Apple’s AirPlay protocol, which have now been patched. Attackers could successfully exploit these vulnerabilities to control devices that support this proprietary wireless technology. The Israeli cybersecurity company Oligo has collectively referred to these vulnerabilities as AirBorne. Vulnerability Combination Enables Worm-like Attacks Researchers Uri Katz, … Read more

Statistical Study of High-Frequency Attack Surfaces and Vulnerability Types in the Linux Kernel

Statistical Study of High-Frequency Attack Surfaces and Vulnerability Types in the Linux Kernel

Collected and organized all Linux kernel vulnerabilities from January 1, 2022, to February 18, 2023, with data sourced from NVD, totaling 314 vulnerabilities. The analysis of the Linux kernel attack surface is based on CWE types and the subsystems where the vulnerabilities are located. CWE Statistics According to publicly available CVE information, a total of … Read more

Summary of Vulnerabilities in HTTP/HTTPS Protocols: How to Check and Prevent Them

Summary of Vulnerabilities in HTTP/HTTPS Protocols: How to Check and Prevent Them

The following is a classification and organization of vulnerabilities in the HTTP/HTTPS protocols based on the perspectives of black box testing、white box testing and gray box testing: 1. Black Box Testing (External Perspective, No Internal Access) Definition: Simulates the attacker’s perspective, testing only through external network interfaces without relying on internal system code or configuration … Read more

Vulnerability Alert | Multiple Remote Code Execution Vulnerabilities in VxWorks TCP/IP Stack

Vulnerability Alert | Multiple Remote Code Execution Vulnerabilities in VxWorks TCP/IP Stack

Vulnerability Alert Multiple Remote Code Execution Vulnerabilities in VxWorks TCP/IP Stack On July 30, the Armis security research team published an article claiming that they discovered a total of 11 vulnerabilities in the VxWorks TCP/IP stack, of which 6 vulnerabilities could lead to remote code execution. Vulnerability Description VxWorks is currently the most widely used … Read more

Analysis of the Attack Surface of Ubus Inter-Process Communication Mechanism in OpenWRT

Analysis of the Attack Surface of Ubus Inter-Process Communication Mechanism in OpenWRT

01 Introduction Ubus is the inter-process communication mechanism in OpenWRT, which simplifies the implementation of inter-process communication. The foundation of ubus is the UNIX Socket, which is a local socket that is more efficient and reliable compared to traditional network communication sockets. 1.1 Model Architecture UNIX Socket adopts a C/S model architecture, divided into server … Read more

Urgent Warning: Multiple Critical Vulnerabilities in RTOS VxWorks

Urgent Warning: Multiple Critical Vulnerabilities in RTOS VxWorks

0x00 Background Researchers at Armis have discovered 11 zero-day vulnerabilities in VxWorks, the most popular real-time operating system (RTOS), used by over 2 billion devices, including critical mission devices in industrial, medical, and enterprise settings. These vulnerabilities, referred to as ‘URGENT / 11′, exist in IPnet, VxWorks’ TCP/IP stack, affecting versions released over the past … Read more