❌

Normal view

There are new articles available, click to refresh the page.
Before yesterdayVerSprite

Unpatched Security Vulnerability in OPTO 22 PAC Basic Software

By: bigdrop
23 April 2021 at 14:07

This ungated Vulnerability Analysis Report outlines the vulnerabilities found by VerSprite's security research team within Razer's Synapse 3 software suite, including risk level, disclosure timeline, and remediation information. The vulnerabilities covered are CVE-2021-30493 and CVE-2021-30494.

The post Unpatched Security Vulnerability in OPTO 22 PAC Basic Software appeared first on VerSprite.

Exploit with VS- Labs. CVE-2023-3439: Analyzing UAF Vulnerability in Linux MCTPΒ 

By: Olya
21 September 2023 at 13:58

Β  In this blog post, we will analyze the UAF vulnerability in the Linux mctp component and possible exploitation scenarios in detail. We will show the necessary steps to prepare...

The post Exploit with VS- Labs. CVE-2023-3439: Analyzing UAF Vulnerability in Linux MCTPΒ  appeared first on VerSprite.

AFD.sys – Primitives in The Pocket | Integer Shenanigans

By: Olya
24 July 2023 at 20:32

Intro VerSprite VS-Labs Research team discovered an interesting integer arithmetic bug within the Windows Kernel Ancillary Function Driver (AFD.sys) while performing N-day analysis after Microsoft Patch Tuesday. Within this blog...

The post AFD.sys – Primitives in The Pocket | Integer Shenanigans appeared first on VerSprite.

Printer Spooler Bug Research

By: bigdrop
22 December 2022 at 15:07

In this blog, we dive into and show how attackers could combine the 0day CVE-2020-0986 with the 0day in IE browser to achieve privilege escalation and then execute code remotely. Now, Maddie Stone, a security researcher on Google's Project Zero team, found that an attacker can still trigger CVE-2020-0986 and elevate kernel privileges by sending an offset instead of a pointer.

The post Printer Spooler Bug Research appeared first on VerSprite.

Part 6: Comprehensive Research of Linux Operating System

16 June 2022 at 06:39

This research series examined the Linux OS in detail and discussed everything from its architecture to the drivers and even the exploits. Today, we conclude the comprehensive research of Linux with an overview of its main elements.

The post Part 6: Comprehensive Research of Linux Operating System appeared first on VerSprite.

Part 5: Comprehensive Research of Linux Operating System

1 June 2022 at 14:57

To summarize again briefly, syscall is an instruction that lowers the privilege level of the currently running application to 0 and allows the program to be performed in higher privilege using the required registers. In this section, we look at the Syscall instruction at the assembly level and try to analyze it in detail.

The post Part 5: Comprehensive Research of Linux Operating System appeared first on VerSprite.

Part 4: Comprehensive Research of Linux Operating System

26 May 2022 at 17:01

We already know that the entire Linux operating system is written in C. And not just the operating system, but many binaries that run on it are written in C. Although there are multiple reasons for this, the main reason is that C is a very fast and powerful language.

The post Part 4: Comprehensive Research of Linux Operating System appeared first on VerSprite.

Part 3: Comprehensive Research of Linux Operating System

18 May 2022 at 20:02

As we discussed in the previous parts, the Linux Kernel is a collection of code written entirely in C. This is important to keep in mind while we are dealing with the attack floats because the vulnerabilities found in the Linux Kernel can be found in any executable file written using the C programming language.

The post Part 3: Comprehensive Research of Linux Operating System appeared first on VerSprite.

Security Vulnerability Classes in Popular Programming Languages

By: bigdrop
15 December 2021 at 21:17

VerSprite's security researchers explain common security vulnerabilities found in programming languages including: Python, JavaScript, PhP, Java, C, C++, and Swift. Plus, get advice for choosing which programing language is best for your application.

The post Security Vulnerability Classes in Popular Programming Languages appeared first on VerSprite.

Google Fuchsia OS Sets a New Standard for Operating System Security

20 July 2021 at 12:23

Google's newest OS, Fuchsia, is praised as being more secure than others already on the market. In this article and video, VerSprite dives into Google's Fuchsia OS to determine why the architecture and microkernel allow it to be more secure than Android, Apple, or Windows.

The post Google Fuchsia OS Sets a New Standard for Operating System Security appeared first on VerSprite.

VerSprite Finds Vulnerability in NETGEAR Nighthawk WiFi Router

4 June 2021 at 15:09

VerSprite's Security Research team found a high-risk vulnerability in NETGEAR's popular gaming router. This vulnerability analysis details more on the risk level, disclosure timeline, the ZEBRA daemon vulnerability, and patch information.

The post VerSprite Finds Vulnerability in NETGEAR Nighthawk WiFi Router appeared first on VerSprite.

Proactive Malware Threat-Hunting: Benefits, Techniques, and Trends

By: Olya
13 July 2023 at 03:02

Author: Uddip Ranjan, VerSprite Threat Intelligence Group Analyst As the threat landscape continues to evolve, attackers are becoming more evasive. Organizations must take a proactive approach to cybersecurity to identify...

The post Proactive Malware Threat-Hunting: Benefits, Techniques, and Trends appeared first on VerSprite.

Virtual Security Solution for Your Organization – VerSprite VSOCΒ 

By: Olya
5 July 2023 at 21:24

Organizations face ever-increasing cyber threats in today’s rapidly evolving digital landscape. To address this challenge, a virtual Security Operations Center (vSOC) has emerged as an affordable and effective solution for...

The post Virtual Security Solution for Your Organization – VerSprite VSOCΒ  appeared first on VerSprite.

Determining Impact and Probability in Risk-Centric Threat Modeling (With PASTA)Β 

By: Olya
29 June 2023 at 17:37

Determining the impact and probability values of threats and vulnerabilities is critical to managing risks associated with the threat model and having a strong cybersecurity program. PASTA, the risk-centric methodology,...

The post Determining Impact and Probability in Risk-Centric Threat Modeling (With PASTA)Β  appeared first on VerSprite.

From Complexity to Clarity: Demystifying Risk Equation in Threat Modeling

By: Olya
26 June 2023 at 08:53

A robust threat modeling methodology for applications and organizations is crucial in navigating the modern and complex cybersecurity landscape. This blog post focuses on the key aspects of the threat...

The post From Complexity to Clarity: Demystifying Risk Equation in Threat Modeling appeared first on VerSprite.

❌
❌