🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Patch Tuesday surprise: Intel Security updated the MDS advisory to include 10th Gen Processor Family (Ice Lake). It was previously claimed to be resistant against MDS, but apparently the mitigation were disabled in the hardware. intel.ly/32gOO9X

Today we publish the details of a fault injection vulnerability affecting the MediaTek BootROM. We achieved code execution in the context of the Preloader, fully circumventing secure boot. Unpatchable. There’s a hole in your SoC: research.nccgroup.com/2020/10/15/the…

Time for the next episode of Bug Bounty Report Explained. Today we take a look at SQLi in Zoom application found by Keegan Ryan that allowed the attacker to take a peek into victim's camera. UTF8 was abused to bypass protections. Enjoy! youtu.be/5CCaQ9OK2vU

Join me on August 15, 2021 for the 4th IACR Workshop on Attacks on Cryptography (WAC4): crypto.iacr.org/2021/wac.php Lots of exciting talks by @ic0nz1 Daniel De Almeida Braga Mathy Vanhoef #JuliaLen Elie Bursztein Luca Wilke @PPessl Omer Shlomovits Victor LOMNE IACR #CryptoNews

Cryptography-Twitter, here's a riddle (I don't know the answer): What happened to this modulus and can you factor it? crt.sh/?id=822860928

So Mark Schultz wrote a whole series of posts explaining LWE (the PQC crypto constructions) from the ground up, with simplified but sane models in Python, and it’s great. mark-schultz.github.io/nist-standard-…

Our improved attack on MEGA's cryptography means that a substantial fraction of users were at higher risk than previously believed. The patches released last month for the original attack are effective here, so make sure you're updated!

If you have not updated your MEGA app or browser extension since 22 June, please do so now: New UCSD research [eprint.iacr.org/2022/914] lowers the minimum number of logins required to exploit older versions from 512 to just six. Additional information at blog.mega.io/mega-security-…

I was relying on this app to publicize that I am defending in April! And looking for 2023 jobs! Guess I'll used...LinkedIn...now? TL;DR If you want to understand/improve security processes using data and research science methods, shoot me a note. I'll post more later if I can

How many SSH servers were vulnerable to the xz backdoor? According to our measurements, there were thousands. More here: infosec.exchange/@keeganryan/11…