Security Research Labs

@SecReLabs

We are SRLabs, a hacking research collective and consulting think tank. Follow us to stay on top of the latest hacking research

srlabs.de
Vrijeme pridruživanja: ožujak 2019.
44 fotografije ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @SecReLabs

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @SecReLabs

  1. Prikvačeni tweet
    29. stu 2019.

    We found multiple attacks on RCS, ranging from remote text message intercept to local MitM. Vulnerabilities lie in misconfigured deployments and the official Android messaging app. We present our attacks and how to fix them and .

    24 proslijeđena tweeta 26 korisnika označava da im se sviđa
    Poništi
  2. 4. velj

    We wanted to do a company survey via Microsoft forms. In the end our colleague got acknowledged by for two formula injections... (December 2019)

    2 proslijeđena tweeta 9 korisnika označava da im se sviđa
    Poništi
  3. 27. pro 2019.

    We are looking forward to see our colleague on stage at later today. PS: Look out for the two SRLabs logos in the slides :)

    The AMD Secure Processor is a CPU in your CPU you do not control. It’s a Trusted Execution Environment to protect VMs from host access or copyrighted work from distribution. At I will present our PSP hacking and how we regained control over it.
    Prikaži ovu nit
    1 proslijeđeni tweet 2 korisnika označavaju da im se sviđa
    Poništi
  4. 17. pro 2019.

    We did another test run on our smart speaker attacks from October. Turns out that – besides promises to prevent such attacks – both Amazon and Google still approve our malicious Skills/Actions for their stores.

    2 proslijeđena tweeta 6 korisnika označava da im se sviđa
    Poništi
  5. 4. pro 2019.

    Today we are presenting our extended set of vulnerabilities in RCS at in London. In this interview with , Karsten discusses how carriers are repeating the same old - previously solved - security problems in brand new technology:

    4 proslijeđena tweeta 5 korisnika označava da im se sviđa
    Poništi
  6. 29. stu 2019.

    Some more details on the attacks can be found on our blog:

    New: multiple telecos are deploying RCS—the replacement to SMS—in ways that expose users to text and call interception, spoof phone calls, and leaking location data
    Prikaži ovu nit
    1 proslijeđeni tweet 1 korisnik označava da mu se sviđa
    Poništi
  7. 8. stu 2019.

    Live view from our colleague who is working hard to finish the slides for next week. On November 13, he will talk about and how to integrate it into your software development life cycle to make your code more secure!

    3 proslijeđena tweeta 9 korisnika označava da im se sviđa
    Poništi
  8. 22. lis 2019.

    Our team member Stephan () identified a remote unauthenticated DoS vulnerability (CVE-2019-18217) in ProFTPD before 1.3.7rc2, with the use of one of his favorite tools . He is happy to explain more, so get in touch with him when interested!

    CVE-2019-18217 ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.
    6 proslijeđenih tweetova 12 korisnika označava da im se sviđa
    Poništi
  9. 21. lis 2019.

    4. Use 2-factor authentication to additionally protect your accounts in case of a lost password

    3 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  10. 21. lis 2019.

    3. Only use trusted third-party Actions/Skills that have been reviewed by many others (and hope that the assistant understands you correctly)

    1 reply 1 proslijeđeni tweet 2 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  11. 21. lis 2019.

    2. Always check the LED indicator for activity when you expect the assistant to be inactive

    1 reply 1 proslijeđeni tweet 1 korisnik označava da mu se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  12. 21. lis 2019.

    Four tips to protect yourself against our latest attacks: 1. Do not give your passwords to voice assistants. Google and Amazon would never ask for it

    Amazon's Alexa and Google Home's smart assistant were vulnerable to a security issue that could have allowed hackers to eavesdrop on people without their knowledge or entice users to hand over sensitive information, researchers say
    1 reply 1 proslijeđeni tweet 3 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  13. 21. lis 2019.

    Thank you for explaining the Smart Spies hacks better than we ever could at !

    1 reply 3 proslijeđena tweeta 32 korisnika označavaju da im se sviđa
    Poništi
  14. 20. lis 2019.

    More information and videos showcasing these attacks at

    As foretold by prophecy, Alexa and Google Home are being used to eavesdrop and phish passwords.
    1 proslijeđeni tweet 5 korisnika označava da im se sviđa
    Poništi
  15. proslijedio/la je Tweet
    20. lis 2019.

    Alexa and Google Home devices leveraged in new phishing and eavesdropping scenarios Issues not fixed, months after being reported.

    23 proslijeđena tweeta 37 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  16. proslijedio/la je Tweet
    20. lis 2019.

    " discovered that by adding the '�. ' (U+D801, dot, space) character sequence to various locations inside the backend of a normal Alexa/Google Home app, they could induce long periods of silence during which the assistant remains active."

    16 proslijeđenih tweetova 23 korisnika označavaju da im se sviđa
    Poništi
  17. 20. lis 2019.

    New hack released today: Smart Spies. Amazon Alexa and Google Home enable eavesdropping and vishing (voice-phishing). More information and videos showcasing these attacks at

    1 reply 10 proslijeđenih tweetova 8 korisnika označava da im se sviđa
    Poništi
  18. 18. lis 2019.

    Many people own "smart" devices like TV's or doorbells. Knowing that these devices watch and track us, do you believe it is worth having such a device in your home?

    When we watch TV, our TVs watch us back and track our habits. This practice has exploded recently since it hasn’t faced much public scrutiny. But in the last few days, not one but *three* papers have dropped that uncover the extent of tracking on TVs. Let me tell you about them.
    Prikaži ovu nit
    1 reply 1 proslijeđeni tweet 2 korisnika označavaju da im se sviđa
    Poništi
  19. 27. ruj 2019.

    Check whether your SIM is vulnerable with and monitor whether you are under active attack by using .

    New SIM card attack disclosed, similar to Simjacker -instead of sending OTA SMS to the S@T SIM card app, this one targets the WIB app -supports same commands -allows tracking, surveillance -no evidence of real-world attacks
    Prikaži ovu nit
    19 proslijeđenih tweetova 27 korisnika označava da im se sviđa
    Poništi
  20. 27. ruj 2019.

    The Simjacker hack puts 6% of SIM cards at risk according to six years of research measurements. A new SIM hack puts another 3.5% at risk. Check whether your SIM is vulnerable with SIMtester. Monitor whether you are under active attack using SnoopSnitch.

    17 proslijeđenih tweetova 41 korisnik označava da mu se sviđa
    Poništi

@SecReLabs još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·