Aggregator
CVE-2023-53036 | Linux Kernel up to 6.1.21/6.2.8 privilege escalation
CVE-2023-53043 | Linux Kernel up to 6.1.21/6.2.8 arm64 privilege escalation
CVE-2023-53038 | Linux Kernel up to 5.15.104/6.1.21/6.2.8 scsi kzalloc null pointer dereference
CVE-2023-53040 | Linux Kernel up to 6.2.8 ca8210 ieee802154_hdr_peek_addrs buffer overflow (Nessus ID 250205)
CVE-2023-53037 | Linux Kernel up to 6.1.21/6.2.8 scsi memory corruption (Nessus ID 246947)
CVE-2023-53042 | Linux Kernel up to 6.1.20/6.2.7 privilege escalation (EUVD-2025-13225)
CVE-2023-53039 | Linux Kernel up to 5.15.104/6.1.21/6.2.8 HID ish_probe use after free (EUVD-2025-13231 / Nessus ID 240812)
CVE-2024-2228 | SailPoint IdentityIQ up to 8.1p6/8.2p6/8.3p3/8.4 Lifecycle Manager privileges management
CVE-2024-35475 | OpenKM up to 6.3.11 /admin/DatabaseQuery cross-site request forgery
Google sues cybercriminal group Smishing Triad
NDSS 2025 – Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China
SESSION
Session 3A: Network Security 1
Authors, Creators & Presenters: Shencha Fan (GFW Report), Jackson Sippe (University of Colorado Boulder), Sakamoto San (Shinonome Lab), Jade Sheffey (UMass Amherst), David Fifield (None), Amir Houmansadr (UMass Amherst), Elson Wedwards (None), Eric Wustrow (University of Colorado Boulder)
PAPER
Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China
We present Wallbleed, a buffer over-read vulnerability that existed in the DNS injection subsystem of the Great Firewall of China. Wallbleed caused certain nation-wide censorship middleboxes to reveal up to 125 bytes of their memory when censoring a crafted DNS query. It afforded a rare insight into one of the Great Firewall's well-known network attacks, namely DNS injection, in terms of its internal architecture and the censor's operational behaviors. To understand the causes and implications of Wallbleed, we conducted longitudinal and Internet-wide measurements for over two years from October 2021. We (1) reverse-engineered the injector's parsing logic, (2) evaluated what information was leaked and how Internet users inside and outside of China were affected, and (3) monitored the censor's patching behaviors over time. We identified possible internal traffic of the censorship system, analyzed its memory management and load-balancing mechanisms, and observed process-level changes in an injector node. We employed a new side channel to distinguish the injector's multiple processes to assist our analysis. Our monitoring revealed that the censor coordinated an incorrect patch for Wallbleed in November 2023 and fully patched it in March 2024. Wallbleed exemplifies that the harm censorship middleboxes impose on Internet users is even beyond their obvious infringement of freedom of expression. When implemented poorly, it also imposes severe privacy and confidentiality risks to Internet users.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenters’ superb NDSS Symposium 2025 Conference content on the organization’s YouTube channel.
The post NDSS 2025 – Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China appeared first on Security Boulevard.
NDSS 2025 – A Holistic Security Analysis Of Google Fuchsia’s (And gVisor’s) Network Stack
SESSION
Session 2D: Android Security 1
Authors, Creators & Presenters: Inon Kaplan (Independent Researcher), Ron Even (Independent Researcher), Amit Klein (The Hebrew University Of Jerusalem, Israel)
PAPER
You Can Rand but You Can't Hide: A Holistic Security Analysis of Google Fuchsia's (and gVisor's) Network Stack
This research is the first holistic analysis of the algorithmic security of the Google Fuchsia/gVisor network stack. Google Fuchsia is a new operating system developed by Google in a "clean slate" fashion. It is conjectured to eventually replace Android as an operating system for smartphones, tablets, and IoT devices. Fuchsia is already running in millions of Google Nest Hub consumer products. Google gVisor is an application kernel used by Google's App Engine, Cloud Functions, Cloud ML Engine, Cloud Run, and Google Kubernetes Engine (GKE). Google Fuchsia uses the gVisor network stack code for its TCP/IP implementation. We report multiple vulnerabilities in the algorithms used by Fuchsia/gVisor to populate network protocol header fields, specifically the TCP initial sequence number, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID fields. In our holistic analysis, we show how a combination of multiple attacks results in the exposure of a PRNG seed and a hashing key used to generate the above fields. This enables an attacker to predict future values of the fields, which facilitates several network attacks. Our work focuses on web-based device tracking based on the stability and relative uniqueness of the PRNG seed and the hashing key. We demonstrate our device tracking techniques over the Internet with browsers running on multiple Fuchsia devices, in multiple browser modes (regular/privacy), and over multiple networks (including IPv4 vs. IPv6). Our tests verify that device tracking for Fuchsia is practical and yields a reliable device ID. We conclude with recommendations on mitigating the attacks and their root causes. We reported our findings to Google, which issued CVEs and patches for the security vulnerabilities we disclosed.
The post NDSS 2025 – A Holistic Security Analysis Of Google Fuchsia’s (And gVisor’s) Network Stack appeared first on Security Boulevard.
Unprecedented Automation: IndonesianFoods Pits Open Source Against Itself
Over the past year, we've seen a steady drumbeat of supply chain incidents targeting npm — each slightly different, but collectively pointing to the same truth: the open source ecosystem is being stress-tested in real time.
The post Unprecedented Automation: IndonesianFoods Pits Open Source Against Itself appeared first on Security Boulevard.
While White House demands deterrence, Trump shrugs
Trump’s dismissive remarks on cyber threats contrast sharply with his administration’s official calls for action.
The post While White House demands deterrence, Trump shrugs appeared first on CyberScoop.
Using AI to Predict and Disrupt Evolving Cyberattacks
Rachel Jin, chief enterprise platform officer at Trend Micro, explains how multiple forms of artificial intelligence (AI) will be used to predict and disrupt cyberattacks even as they grow in volume and sophistication. As cyberattacks grow in scale, speed, and complexity, Jin argues that the security community can no longer afford to be purely reactive...
The post Using AI to Predict and Disrupt Evolving Cyberattacks appeared first on Security Boulevard.
Operationalizing Threat Intelligence and AI-Powered Cyber Defense
Sachin Jade, chief product officer at Cyware, discusses the evolving challenge of operationalizing threat intelligence and how AI is redefining the speed and scale of cyber defense. Jade explains that most organizations today struggle to turn intelligence into meaningful action. Despite the massive investment in feeds, dashboards, and frameworks, many security teams still rely on..
The post Operationalizing Threat Intelligence and AI-Powered Cyber Defense appeared first on Security Boulevard.