Shows
Cyber BriefingJanuary 29, 2025 - Cyber Briefing
👉 What's trending in cybersecurity today?
🚨 #CyberAlerts
Broadcom Urges Immediate Fix for VMware Avi Load Balancer SQL Injection Flaw
Source: Broadcom
OAuth Flaw in Airline Travel Service Exposes Millions to Account Hijacking Risk
Source: Amit Elbirt via Salt Labs
Apple Processors Flaws Expose Sensitive Data Through Browser Attacks
Source: Jason Kim, Jalen Chuang, and Daniel Genkin from Georgia Institute of Technology and Yuval Yarom from Ruhr University Bochum
FleshStealer Malware Targets Sensitive Data with Advanced Evasion Tactics
Source: Flashpoint
PureC...
2025-01-2909 min
ThinkstScapesThinkstScapes Research Roundup - Q2 - 2023Privacy in the modern eraIPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level GeolocationErik Rye and Robert Beverly[Slides] [Paper] [Code]Device Tracking via Linux’s New TCP Source Port Selection AlgorithmMoshe Kol, Amit Klein, and Yossi Gilad[Code] [Paper]zk-creds: Flexible Anonymous Credentials from zkSNARKs and Existing Identity InfrastructureMichael Rosenberg, Jacob White, Christina Garman, and Ian Miers[Paper] [Code]3 Years in China: A Tale of Building a REAL Full Speed Anti-Censorship RouterKaiJern La...
2023-08-0531 min
Scholarly CommunicationWriting about Data: A Discussion with Yuval YaromListen to this interview of Yuval Yarom, Professor of Computer Science at Ruhr University Bochum, Germany. We talk about how authors interpret the data and the facts, and we talk, too, about how readers interpret the authors' words about those data and facts.Yuval Yarom: "I like to think that the question whether the Title is boring or not does not affect me, just like I like to think that advertising does not affect me. But, I'm probably wrong on both counts. I do try to read papers based on whether they're related to what I do. B...
2023-07-1649 minThinkstScapesThinkstScapes Research Roundup - Q1 - 2022Hyntrospect: a fuzzer for Hyper-V devicesDiane Dubois[Slides] [Paper] [Code] [Video]Put an io_uring on it: Exploiting the Linux KernelValentina Palmiotti[Blog]The AMD Branch (Mis)predictor: Where No CPU has Gone BeforePawel Wieczorkiewicz[Blog part 1] [Blog part 2]Dynamic Process IsolationMartin Schwarzl, Pietro Borrello, Andreas Kogler, Kenton Varda, Thomas Schuster, Daniel Gruss, and Michael Schwarz[Paper]Another Brick in the Wall: Uncovering SMM Vulnerabilities in HP FirmwareItai...
2022-04-2534 min
Cryptography FMEpisode‌ ‌8:‌ ‌Breaking‌ ‌Elliptic-Curve‌ ‌Signatures‌ ‌With‌ ‌LadderLeak!‌Elliptic-curve signatures have become a highly used cryptographic primitive in secure messaging, TLS as well as in cryptocurrencies due to their high speed benefits over more traditional signature schemes. However, virtually all signature schemes are known to be susceptible to misuse, especially when information about the nonce is leaked to an attacker.
LadderLeak is a new attack that exploits side channels present in ECDSA, claiming to allow real-world breaking of ECDSA with less than a bit of nonce leakage. But what does “less than a bit” mean in this context? Is LadderLeak really that effective at breaking ECDS...
2020-11-1742 min