Please consider updating your browser. Some parts of the website may not function as intended.

A Flaw in the Windows TCP/IP Protocol Stack

TCP/IP Protocol Stack

A flaw in the Windows TCP/IP protocol stack implementation has been discovered, this is related to driver handling of IPv6 (IP version 6), whereby a threat actor can perform a Denial of Service (DoS) attack and may gain the ability to execute arbitrary code on the target. This works by exploiting a logic error in […]

“Playing Leapfrog” Default Password Usage Allows for Jfrog Artifactory Account Compromise

Jfrog Artifactory

Jfrog Artifactory is a DevOps solution that aims to provide automation throughout an application delivery process and its goal is to improve productivity. It boasts many useful features for the deployment of applications and can be integrated with a client’s cloud infrastructure. However, a vulnerability exists where administrator accounts do not require a password to […]

T2 Security Chip in Mac a Computer Contains an “Unpatchable” Vulnerability

Security researchers have discovered a flaw, wherein two techniques are used to remove the restrictions apple puts in place (commonly known as Jailbreaking) are combined. Together, the Jailbreaking techniques exploit a vulnerability in Mac computers’ T2 Security Chip, which in turn allows an attacker to decrypt data and or plant malware on the device. Unpatchable […]

“Shark on the Router” (Authentication Bypass in Wireless Router Chipsets)

Multiple wireless router chipsets were discovered to be vulnerable to authentication bypass, giving a threat actor control of network traffic passing through the affected device(s). A successful attack occurs when an attacker injects arbitrary (unencrypted) packets into networks with WPA2 protection. Upon injection, the packets are considered to be legitimately routed traffic and encrypted responses […]

BLE Vulnerability Leads to Broken Authentication and Malicious Data Transfer

A successful Bluetooth Low Energy Spoofing Attack (BLESA) allows threat actors to connect with a device (by getting around reconnection authentication requirements) and send spoofed data to the device. This first starts with malicious packets fooling the device into behaving abnormally and attackers manipulating the device to feed it misleading information. The vulnerability affects Linux, Android, […]

Risk Crew