Thomas Coudray (@amanone@infosec.exchange) (@ahmanone)'s Twitter Profile

@ahmanone

cybersec, hacking, protocols and binary exploitation, OSINT, web3 & more @Ledger 🚀
~~ [email protected] (pkey on pgp.mit.edu) ~~

ID: 113400342

11-02-2010 16:51:05

85 Tweet

150 Followers

544 Following

P1 Security (@p1security)

New open source tool for LTE, GSM and 3G mobile radio monitoring and protocol analysis in Python: QCsuper labs.p1sec.com/2019/07/09/pre… #LTE #GSM #Security #MobileRadio

P1 Security (@p1security)

All authentication vectors are not made equal : P1 Security discovers a vulnerability allowing insecure reuse of SS7 3G authentication vectors over 4G white paper available: labs.p1sec.com/2021/09/30/all… (CVD-2021 0046)

P1 Security (@p1security)

Log4j RCE-OVER-SIGNALING a new dedicated test scenario leveraging the #Log4j vulnerability for signaling network in customer environments developed by P1 Security Labs Team Blogpost : labs.p1sec.com/2021/12/22/rem… #Log4Shell #CyberSec

P1 Security (@p1security)

New P1 Labs blog post on 5G Core Network (Pen)Testing, including 6 (fixed) vulnerabilities in Open Source 5G Core Network implementation #5G #security labs.p1sec.com/2021/12/31/pen…

Ah Med (@a_web_plus)

We are #hiring. Know anyone who might be interested? Software development on our vulnerability scanner (Python, angular, RoR, rust, lua) & operators telecom hacking(SS7, Diameter, RAN, SIP/VoLTE/VoWiFi, 5G, ...) and DevOps. Remote ✅ linkedin.com/jobs/view/2879…

P1 Security (@p1security)

Old GPRS encryption algorithms should be phased out, both from networks and handsets. See our last blogpost on this topic: labs.p1sec.com/2022/03/24/wea… #cybersecurity #gprs

P1 Security (@p1security)

P1 Security Lab is happy to release hermes-dec, an open-source disassembler and decompiler for the React Native Hermes bytecode: labs.p1sec.com/2023/01/09/rel…. We hope this will foster the security research around mobile apps based on this environment. #telecomsecurity #android #ios

Nass Eddequiouaq (@nassyweazy)

Most individuals complaining about Ledger Recover evidently lack understanding of wallet security or, indeed, security in the real-world in general. The solution, if implemented properly, will be a step in the right direction. When I say "in the right direction", I imply that

mitsh (@bmitsh)

Pycrate has a new home : github.com/pycrate-org/py… ! Please update any references to this new organization, and do not hesitate to participate and contribute ! Pycrate is the goto Python library for anything related to cellular and mobile signalling.

Tavis Ormandy (@taviso)

This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n

Charles Guillemet (@p3b7_)

I’m pleased to tell you that today, we announced a new Ledger device with a secure E Ink touchscreen, a new standard for hardware wallets. Here’s what you should know about Ledger Flex! 🧵

Charles Guillemet (@p3b7_)

🚨 Bybit’s $1.4B Hack: The Biggest in History Yesterday, Bybit CEO Ben Zhou announced they had been compromised, with 401,000 ETH stolen ($1.4B). This marks the third major hack in six months attributed to Lazarus, which has stolen over $3B to date.

Charles Guillemet (@p3b7_)

For me, the biggest takeaway from the ByBit hack is this: Corporations and financial institutions must use enterprise-grade custody solutions Storing $1.4B in a Safe{Wallet} free smart contract with a group of signers designed for retail users should be a relic of the past 🧵

Feross (@feross)

🚨 Your browser extensions are spying on you. Even the ones with the blue checkmark. Day 2 of Socket Launch Week: We’re now protecting the Chrome extension ecosystem. 🛡️ (1/7)

Charles Guillemet (@p3b7_)

In my view, upgradability is best practice, security is never static, it’s a continuous journey where you always need to raise the bar. What we recommend for Tangem users: For best security practices, we strongly advise using very long passwords with letters, numbers & symbols.

Charles Guillemet (@p3b7_)

🚨 Shai-Hulud 2.0: A new wave of npm supply-chain attacks targeting major packages (Zapier, ENS, PostHog, Postman & more) is ongoing. Attackers inject malicious code into published versions, triggering during pre-install to gain code execution and exfiltrate environment vars,

Ledger Donjon (@donjonledger)

Exploiting Keyspace Reduction and Relay Attacks on NFC cards. 🔓📡 Proud to see Ledger Donjon’s name on this research — thanks to Philippe Teuwen. Go read it: breakmeifyoucan.com