Your Smart Speaker Might Be ‘Listening’! Important Considerations When Using Smart Home Devices

Your Smart Speaker Might Be 'Listening'! Important Considerations When Using Smart Home Devices

With the popularity of artificial intelligence and Internet of Things (IoT) technologies, smart home products such as smart locks, robotic vacuum cleaners, and smart whole-house temperature control systems are becoming increasingly common. It is important to note that if sensitive data from smart home products is exploited by malicious individuals, it could lead to information … Read more

What is Bluetooth Man-in-the-Middle Attack?

What is Bluetooth Man-in-the-Middle Attack?

What is Bluetooth Man-in-the-Middle Attack? A man-in-the-middle attack occurs when an attacker inserts themselves between two devices, intercepting their communication and possibly altering the data, often without the users’ knowledge. In Bluetooth, this typically happens with Bluetooth Low Energy (BLE) devices, such as smartwatches. How the attack is carried out: 1.The attacker must be within … Read more

Exploring and Reflecting on the Attack Surface of QEMU Virtualization Security

Exploring and Reflecting on the Attack Surface of QEMU Virtualization Security

QEMU and KVM, as typical representatives of virtualization technology, are widely used in cloud computing systems across various vendors. As software with over a decade of history, QEMU has been plagued by security issues. With the continuous development of cloud computing based on QEMU/KVM virtualization software, its security problems have garnered significant attention in recent … Read more

A Decade of Vigilance: Safeguarding Industrial Control System Security Against the Resurgence of Stuxnet

A Decade of Vigilance: Safeguarding Industrial Control System Security Against the Resurgence of Stuxnet

【Introduction】Today marks the tenth anniversary of the “Stuxnet” virus.Since its first attack in 2009, this virus, known as a “super destructive weapon,” has been in a decade-long game of cat and mouse with global industrial control systems.If we consider a decade as a cycle, then in this era where “cyber warfare” could erupt at any … Read more

C++ Embedded System Security: Protection and Vulnerability Mitigation

C++ Embedded System Security: Protection and Vulnerability Mitigation

C++ Embedded System Security: Protection and Vulnerability Mitigation In today’s technological environment, embedded systems have become increasingly important due to their widespread applications in areas such as IoT devices, home appliances, automotive, and medical equipment. However, as these systems are often connected to networks, they also face numerous security threats. This article will detail how … Read more

Siemens SPPA-T3000 Control System Exposes Critical Vulnerabilities, Leaving Global Power Plants at Risk!

Siemens SPPA-T3000 Control System Exposes Critical Vulnerabilities, Leaving Global Power Plants at Risk!

Recently, Siemens announced that its industrial equipment, commonly used in petrochemical plants and large renewable energy power plants, has 54 security vulnerabilities. Among these, the most severe vulnerabilities can be exploited for denial-of-service (DoS) attacks or remote code execution on arbitrary servers, putting power plants at risk of failure and halting electricity generation. More alarmingly, … Read more

Exploring Vulnerabilities in the VMware Workstation Renderer

Exploring Vulnerabilities in the VMware Workstation Renderer

Background In mid-January, ZDI announced the rules for the 2017 competition, which included a substantial reward for teams that could break VMware and achieve virtual machine escape. VMware is no longer a new target; it was identified as a target in 2016. As a target, VMware has undergone various attacks, with many points of attack … Read more

Breaking the Myth of Air-Gapped Network Security! Air-Gapped Networks Still Vulnerable to DNS Attacks

Breaking the Myth of Air-Gapped Network Security! Air-Gapped Networks Still Vulnerable to DNS Attacks

In May 2022, Dark Reading reported that researchers from Nozomi Networks discovered that common misconfigurations of the Domain Name System (DNS) in enterprise environments could expose air-gapped networks and their high-value assets to external attackers. A blog post by Nozomi Networks’ ICS analyst team explained that this flaw exists in all versions of the widely … Read more

Basic Jitter Measurement Using an Oscilloscope

Basic Jitter Measurement Using an Oscilloscope

Jitter is the short-term variation of a digital signal’s timing relative to its nominal value. There are two main types of jitter: random jitter and deterministic jitter. Random jitter is unbounded, meaning its value continues to increase as the measurement duration increases, and it is related to random processes such as noise. Deterministic jitter, on … Read more

What Does Hacking Historical Databases in Industrial Control Systems Mean?

What Does Hacking Historical Databases in Industrial Control Systems Mean?

Researchers from the industrial cybersecurity company Claroty revealed on January 17 that their Team82 discovered five exploitable vulnerabilities (CVE-2022-46732, CVE-2022-46660, CVE-2022-43494, CVE-2022-46331, and CVE-2022-38469) in GE Digital’s Proficy Historian server, affecting multiple critical infrastructure sectors. Threat actors could exploit these vulnerabilities to access historical data, crash devices, or execute code remotely. These vulnerabilities impact GE … Read more