Tag: Vulnerabilities

A New Vulnerability in the Android Framework: Fragment Injection

We have recently disclosed a new vulnerability to the Android Security Team. The vulnerability affected many apps, including Settings (the one that is found on every Android device), Gmail, Google Now, Dropbox and Evernote. To be more accurate, any...

Sharpening Your Security Intelligence Ax with Big Data

If you are the typical enterprise, you potentially have tens of thousands of software vulnerabilities spread across thousands and thousands of machines in your network. The possibilities for using existing data to enhance your vulnerability...

Taking on a Zero Day with Intelligence

The situation described here does not come from the ivory tower; instead it comes from the real world and shows how to rapidly and efficiently address a zero-day vulnerability. You are probably already overwhelmed with patching. Alternatively, you...

When Lack of Disclosure Can Kill You

With BlackHat and DefCon behind us here in the US, a lot of interesting new research has been presented at the annual conference in Las Vegas, NV. This year, researchers are taking things to the next level with hacks of cars and pacemakers.

Android 4.3 is Here! What Does it Mean for Security?

Let's take a few minutes to examine the changes Android 4.3 Jelly Bean introduces from a security perspective. While ultimately, the specific nature of the Android 4.3 Jelly Bean firmware image from the device manufacturer...

Subverting BIND's SRTT Algorithm: Derandomizing NS Selection

A new vulnerability has been found in BIND, the most popular DNS server. Exploiting this vulnerability reduces the amount of effort required for an off-path (blind) DNS cache poisoning attack. This blog post describes the vulnerability in a less...