The researchers who disclosed the aLTEr attack last year (David Rupprecht, Thorsten Holz, and Christina Pöpper), have found new ways to exploit the lack of integrity protection on the 4G/5G user plane in a new attack called Imp4Gt.

Recently, a new vulnerability on Apache Tomcat AJP connector was disclosed.

Big news, even this week!

In order to avoid sourveillance, privacy invasion or information theft you must be sure that the data on your devices are secure, and the only way to do that in this day and age is to make sure they are full disk encrypted.

Social engineering techniques are frequently part of an overall security penetration test because also the “human network” need to be tested.

Most Docker images build on full Linux distributions often containing a lot of unnecessary complexity, adversely affecting also the application security.
However, by using Google’s “distroless” approach we can build small and secured runtime images.

There’s no rest for the (bluetooth) wearables

A team of security researchers have discovered numerous vulnerabilities in the Bluetooth Low Energy (BLE) implementations of major vendors.

Some reading to start the week!

Cross-Site Request Forgery (CSRF) is a type of attack that allows a malicious web site, email, blog, instant message, or program to causes a user’s web browser to perform an unwanted action on a trusted site, when the user is authenticated.

Security researchers at ERNW disclosed a vulnerability in Android bluetooth stack that lets attackers silently deliver malware to and steal data from nearby phones simply knowing the Bluetooth MAC address of the target (easy to guess just by looking at the WiFi MAC address).