Security
Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.
A new attack technique named SMTP Smuggling can allow malicious actors to send out spoofed emails that bypass authentication mechanisms.
Discoveries made by Google's Threat Analysis Group, which tracks nation-state hacking.
An error as small as a single flipped memory bit is all it takes to expose a private key.
The eight-page report said hackers were able to obtain access to the data by exploiting vulnerability in the MOVEit file transfer program
iLeakage is practical and requires minimal resources. A patch isn't (yet) available.
Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada.
Security
!security@kbin.socialSecurity offline and online