IOActive, Inc.
Blog Article

New blog articles detected.

  • Multiple Critical Vulnerabilities Found in Popular Motorized Hoverboards
    By Thomas Kilbride. Not that long ago, motorized hoverboards were in the news – according to widespread reports, they had a tendency to catch on fire and even explode. Hoverboards were so dangerous that the National Association of State Fire Marshals (NASFM) issued a statement recommending consumers “look for indications of acceptance by recognized testing organizations” when purchasing the
  • WannaCry vs. Petya: Keys to Ransomware Effectiveness
    By Daniel Miessler. With WannaCry and now Petya we’re beginning to see how and why the new strain of ransomware worms are evolving and growing far more effective than previous versions. I think there are 3 main factors: Propagation, Payload, and Payment. Propagation: You ideally want to be able to spread using as many different types of techniques as you can. Payload: Once you’ve infected the
  • APIs are 2FA Backdoors
    By Daniel Miessler. Two-factor Authentication (2FA) today is something like having a firewall in the year 2000: if you say you have it, it basically stops any further questioning. Unfortunately, when you have a powerful and mismanaged API, 2FA is about as effective as having a stateful firewall protecting a broken web application. It’s time we accept as an industry that API keys and
  • Post #WannaCry Reaction #127: Do I Need a Pen Test?
    By Daniel Miessler. In the wake of WannaCry and other recent events, everyone from the Department of Homeland Security to my grandmother is recommending penetration tests as a silver bullet to prevent falling victim to the next cyber attack. But a penetration test is not a silver bullet, nor is it universally what is needed for improving the security posture of an organization. There are
  • #WannaCry: Examining Weaponized Malware
    By Brad Hegrat. Attribution: You Keep Using That Word, I Do Not Think It Means What You Think It Means... In internal discussions in virtual halls of IOActive this morning, there were many talks about the collective industry’s rush to blame or attribution over the recent WanaCry/WannaCrypt ransomware breakouts. Twitter was lit up on #Wannacry and #WannaCrypt and even Microsoft got into the
  • We’re gonna need a bigger boat....
    By Brad Hegrat. A few weeks ago back in mid-March (2017), Microsoft issued a security bulletin (MS17-010) and patch for a vulnerability that was yet to be publicly disclosed or referenced. According to the bulletin, “the most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server. This
  • Linksys Smart Wi-Fi Vulnerabilities
    By Tao Sauvage. Last year I acquired a Linksys Smart Wi-Fi router, more specifically the EA3500 Series. I chose Linksys (previously owned by Cisco and currently owned by Belkin) due to its popularity and I thought that it would be interesting to have a look at a router heavily marketed outside of Asia, hoping to have different results than with my previous research on the BHU Wi-Fi uRouter,
  • Hacking Robots Before Skynet
    By Cesar Cerrudo (@cesarcer) and Lucas Apa (@lucasapa). Robots are going mainstream in both private and public sectors - on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. Robots are already showing up in many of these roles today, and in
  • Let's Terminate XML Schema Vulnerabilities
    By Fernando Arnaboldi. XML eXternal Entity (XXE) attacks are a common threat to applications using XML schemas, either actively or unknowingly. That is because we continue to use XML schemas that can be abused in multiple ways. Programming languages and libraries use XML schemas to define the expected contents of XML documents, SAML authentications or SOAP messages. XML schemas were intended to
  • Harmful prefetch on Intel
    By Enrique Nissim. We've seen a lot of articles and presentations that show how the prefetch instruction can be used to bypass modern OS kernel implementations of ASLR. Most of the public work however only focuses on getting base addresses of modules with the idea of building a ROP chain or maybe patching some pointer/value of the data section. This post represents an extension of previous work,
  • In Flight Hacking System
    By Ruben Santamarta. In my five years with IOActive, I’ve had the opportunity to visit some awesome places, often thousands of kilometers from home. So flying has obviously been an integral part of my routine. You might not think that’s such a big deal, unless like me, you’re afraid of flying. I don't think I can completely get rid of that anxiety; after dozens of flights my hands still sweat