The researchers who disclosed the aLTEr attack last year (David Rupprecht, Thorsten Holz, and Christina Pöpper), have found new ways to exploit the lack of integrity protection on the 4G/5G user plane in a new attack called Imp4Gt.
Continue reading “IMP4GT: IMPersonation Attacks in 4G NeTworks”Author: Andrea Fortuna
CVE-2020-0601: a critical Windows vulnerability discovered by…NSA!
Recently, Microsoft released a patch that fixes a critical vulnerability in the Windows’ crypto library.
Continue reading “CVE-2020-0601: a critical Windows vulnerability discovered by…NSA!”Some thoughts about “Shift Left” security in DevSecOps
A popular term in DevOps context is “shift left”: it refers to the effort by a DevOps team to implement measures to guarantee application quality at the most early point in the software development life cycle.
In a application security context, this refers to the measures implemented to ensure thart security concerns are taken into consideration during the whole application development, rather than at the end of the process.
CVE-2019-19781: my clippings on the infamous Citrix Netscaler vulnerability
Many Proof-of-concept exploits has been released for the unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products.
Continue reading “CVE-2019-19781: my clippings on the infamous Citrix Netscaler vulnerability”My Weekly RoundUp #122
I know, last week I slacked off, so few interesting links.
Don’t worry, few but good!