ATTACK 2023 - 2024 2023 2022 2021 2020 Other
10.12.23 | CPU | An in-domain transient execution attack allows a sandboxed adversary to access a secret within the same domain by circumventing software-based access controls. | ||
10.12.23 | CPU | A cross-domain transient execution attack5 requires the adversary to find a disclosure gadget in the victim’s domain which, when executed transiently, can transiently access6 and transmit a secret over a covert channel. | ||
10.12.23 | CPU | In a domain-bypass transient execution attack, the adversary executes transient instructions that circumvent hardware-based access controls, allowing access to a secret outside of the adversary’s domain. | ||
10.12.23 | CPU | A transient execution attack exploits the microarchitectural side effects of transient instructions, thus allowing a malicious adversary to access information that would ordinarily be prohibited by architectural access control mechanisms. | ||
8.12.23 | CPU | SLAM: SPECTRE BASED ON LINEAR ADDRESS MASKING | ||
5.12.23 | Bluethoot | BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses | ||
4.12.23 | BIOS | LogoFAIL: Security Implications of Image Parsing During System Boot | ||
28.11.23 | AI | A prompt injection attack is a type of cyberattack where a hacker enters a text prompt into a large language model (LLM) or chatbot, which is designed to enable the user to perform unauthorized actions. | ||
28.11.23 | Crypto | The Marvin Attack is a return of a 25 year old vulnerability that allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed with the private key. | ||
25.11.23 | WebShell | The web shell, a dynamic-link library (DLL) named "hrserv.dll," exhibits "sophisticated features such as custom encoding methods for client communication and in-memory execution | ||
15.11.23 | Attack | CacheWarp: Software-based Fault Injection using Selective State Res | ||
27.10.23 | Attack | Layer 3 DDoS attacks target layer 3 (L3) in the OSI model. Like all DDoS attacks, the goal of a layer 3 attack is to slow down or crash a program, service, computer, or network, or to fill up capacity so that no one else can receive service. L3 DDoS attacks typically accomplish this by targeting network equipment and infrastructure. | ||
27.10.23 | Attack | HTTP/2 Rapid Reset: deconstructing the record-breaking attack | ||
11.10.23 | Attack | HTTP/2 Rapid Reset: deconstructing the record-breaking attack | ||
4.7.23 | DDoSia is a Distributed Denial of Service (DDoS) attack toolkit, developed and used by the pro Russia hacktivist nationalist group NoName057(16).. | |||
27.6.23 | "The Great Seal Bug", a.k.a., "the Thing," was the first covert listening device that utilized passive techniques to transmit an audio signal for the purpose of speech eavesdropping. | |||
24.6.23 | Repo Jacking: Exploiting the Dependency Supply Chain | |||
22.6.23 | nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover | |||
25.3.23 | Capturing RDP NetNTLMv2 Hashes: Attack details and a Technical How-To Guide | |||
11.3.23 | An AiTM attack typically involves a threat actor attempting to steal and intercept a target’s password and session cookies by deploying a proxy server between the user and the website. |