The Shadow Inside: Why HTTP Smuggling Still Disrupts Networks

In the ever-evolving battlefield of web application security, firewalls are becoming increasingly intelligent, and scanners are becoming more aggressive, yet some vulnerabilities still **slip silently through the cracks**. One of these — **HTTP Request Smuggling (HRS)** — has once again emerged as a *high-impact*, *low-visibility* threat capable of bypassing authentication, hijacking sessions, …

Popular Chrome Extensions Expose Dual Vulnerabilities of HTTP and Hardcoded Keys

Source: Security Circle. Cybersecurity researchers have discovered serious security vulnerabilities in several popular Google Chrome extensions: transmitting data over HTTP in plaintext and hardcoding keys in the code, putting user privacy and security at risk. A researcher from Symantec’s Security Technology Response Team pointed out: “Several widely used extensions transmit sensitive data via unencrypted HTTP protocols, exposing …

Original Vulnerability | .NET Deserialization Vulnerabilities in Industrial Control Systems

1. Coding Standards and Software Vulnerabilities. Software vulnerabilities are often closely related to the lack of coding standards. If input validation, dependency management, and security design principles are ignored during development, even if the functionality is normal, security risks may be hidden. Taking the Java deserialization vulnerability as an example, the essence is that …

The Battle of Code: Rust vs C for the Safety of a Billion Devices!

Introduction: Attention everyone! Tweede Golf has made a significant move; they want to uncover how to expose memory vulnerabilities and prove the superpowers of the Rust language in protecting the safety of billions of devices. The Dutch Rust software engineering consultancy Tweede Golf recently conducted an experiment that yielded surprising results, revealing why Rust is …

PCB-Level Reverse Engineering of Embedded Device Hardware

This article introduces some practical basic techniques for PCB-level hardware reverse engineering, which can be used by researchers and white hat groups to analyze unknown hardware. The hardware security laboratory operated by SEC Consult is part of the SEC Consult security lab. The research presented below is just the tip of the iceberg among many …

A Discussion on the Security and Control Risks of ARM Chips

In recent years, incidents of supply chain disruptions have become frequent. Although the two recent incidents are not directly related to our country, they inevitably evoke a sense of loss and concern. First, ARM’s cancellation of the instruction set architecture license to Qualcomm indicates that commercial reputation is worthless in the face of economic interests. …

Smart Home Devices Turn into ‘Life Spies’: How to Evict the ‘Invisible Guests’?

The smart vacuum cleaner in your home works right under your nose, while the ‘invisible guest’ watches you through its built-in camera… Recently, a smart vacuum cleaner from a South Korean brand was reported to have security vulnerabilities, allowing hackers to remotely control it and invade personal privacy. Originally intended …

Safety Hazards in Industrial Control Systems: Common Logic Vulnerabilities in PLC Programs and Security Reinforcement Measures

The safety issues in industrial control systems should not be underestimated. In my over ten years of maintenance experience with industrial control systems, I have found that many factory PLC programs have security vulnerabilities. These seemingly minor flaws can lead to equipment damage, production interruptions, and even safety accidents. Today, I will share common logic …

Exploiting ARM Inter-Core Debugging Vulnerabilities to Gain Maximum SoC Hardware Privileges (Part 1)

Once thought that having root meant having the world. Until I encountered it, only then did I realize there is actually a brighter future (big mistake). Introduction: Gaining root access to an operating system is generally considered the endpoint of penetration attacks. However, with the support of security solutions based on TEE (Trusted Execution Environment), …

Embedded System Software Vulnerabilities and Security Isolation

In the past, developers often overlooked the security issues of embedded devices when discussing them, assuming that embedded devices are not easily susceptible to network attacks and are not targets for hackers, or that simply implementing encryption and authentication suffices for adequate security. However, in today’s world of the …