How to Write Your Cyber Security Dissertation - Top 10 Tips Revealed. Learn more at https://tr.ee/DDW80a.
Meet the Pogi :-D
https://bit.ly/3SAO3mn

🔎 Aqua Nautilus researchers uncovered flaws in the vulnerability disclosure process for open-source projects. Their study showed how vulnerabilities could be harvested before being patched, increasing the risk of exploitation. The research involved analyzing GitHub commits, pull requests, and issues, along with data from the National Vulnerabilities Database (NVD). This work highlights the need for standardized responsible disclosure processes in open-source communities. #OpenSourceSecurity #VulnerabilityDisclosure #CybersecurityResearch

🛑 The vulnerability disclosure process is more complex than the binary distinction of '0-day' and '1-day'. Aqua Nautilus introduces two more stages: 'Half-Day' (where vulnerability information is publicly exposed but not officially released) and '0.75-Day' (an official patch is available, but no CVE or CPE is assigned). These stages present significant risks as attackers can exploit vulnerabilities during these windows. #CybersecurityAwareness #VulnerabilityManagement #InfoSec

📈 Case studies, including the analysis of the Log4Shell (CVE-2021-44228) disclosure process, revealed inherent discrepancies in reporting. The 'Half-Day' and '0.75-Day' windows allowed attackers to potentially exploit vulnerabilities before the general public was alerted and scanning tools could detect the issues. #Log4Shell #CyberAttackPrevention #SecurityAnalysis

🔍 Aqua Nautilus developed methods to identify vulnerabilities at scale using GitHub and NVD. Their approach involved searching for trigger words in GitHub projects and monitoring NVD for early exposure of CVEs. These methods help in detecting security issues before they become widely known. #GitHubSecurity #NVDAnalysis #CyberThreatIntelligence

🛡️ To mitigate the risks of early vulnerability exposure, the researchers suggest responsible disclosure practices, proactive scanning of open-source commits/issues/PRs, and implementing runtime protection strategies. These measures aim to minimize the gap between vulnerability discovery and patch release, reducing the opportunity window for attackers.
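The four stages described in the post above can be measured for a single vulnerability from three timestamps. The following is an added example, not code from Aqua Nautilus or from the original post; the `Timeline` class, the function names, the assumed ordering of events and the sample dates are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Timeline:
    exposed: datetime                         # first public trace (commit, PR, issue)
    patched: Optional[datetime] = None        # official fixed release, if any yet
    cve_published: Optional[datetime] = None  # CVE/CPE visible to scanners, if any yet

    def __post_init__(self):
        # Assumption: events occur in this order; reject timelines that do not.
        known = [t for t in (self.exposed, self.patched, self.cve_published) if t]
        if known != sorted(known):
            raise ValueError("expected exposed <= patched <= cve_published")

def stage_at(tl: Timeline, when: datetime) -> str:
    """Name the disclosure stage the vulnerability is in at time `when`."""
    if when < tl.exposed:
        return "0-day"
    if tl.cve_published and when >= tl.cve_published:
        return "1-day"
    if tl.patched and when >= tl.patched:
        return "0.75-day"   # patch is out, scanners still have no CVE/CPE
    return "half-day"       # details are public, no official release yet

def windows(tl: Timeline, now: datetime) -> dict:
    """Length of each intermediate window; a window still open runs until `now`."""
    half_end = tl.patched or tl.cve_published or now
    three_q = (tl.cve_published or now) - tl.patched if tl.patched else timedelta(0)
    return {"half-day": half_end - tl.exposed, "0.75-day": three_q}

# Constructed sample timeline (not the dates of any real CVE).
SAMPLE = Timeline(
    exposed=datetime(2024, 3, 1),
    patched=datetime(2024, 3, 5),
    cve_published=datetime(2024, 3, 12),
)

if __name__ == "__main__":
    for name, length in windows(SAMPLE, datetime(2024, 4, 1)).items():
        print(f"{name} window: {length.days} days")
    print("stage on 2024-03-07:", stage_at(SAMPLE, datetime(2024, 3, 7)))
```

Tracking these two durations per advisory gives a project a concrete number for the gap the researchers recommend minimizing.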
https://bit.ly/3KjEjbg

🔓 A potentially severe vulnerability, tracked as CVE-2023-21406, has been found in Axis Communications' network door controller. This could expose facilities to both physical and cyber threats. Axis offers network cameras and other physical security products worldwide. The flaw is a heap-based buffer overflow affecting the Axis A1001 network door controller, and patches have been released to address it. #CyberSecurity #AxisCommunications

🔧 The vulnerability relates to the Open Supervised Device Protocol (OSDP), an access control communications standard. The heap-based buffer overflow was found in the process handling the OSDP communication, allowing data writing outside the allocated buffer. This could be exploited to execute arbitrary code. The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that this product is widely used in commercial facilities. #CISA #OSDP

📡 The flaw was discovered during a larger project by industrial cybersecurity firm Otorio, which focused on assessing security and potential risks from advancements in access control readers and controllers, specifically the assumedly secure OSDP. The vulnerability can be exploited by an attacker who has physical access to the RS-485 twisted pair cable at the back of an access control reader, typically at the entry point of a secured facility. #CybersecurityResearch #Otorio

🚪 An attacker can use the vulnerability to open doors and tamper with logs on the access controller to erase their tracks. Moreover, they can exploit the flaw to remotely execute code on the internal access controller from outside the targeted facility via the serial channel used for reader-controller communications. This could potentially serve as a gateway to the internal IP network, even if highly segmented or air-gapped from the internet. #DataProtection #AccessControl

🔍 As part of the same project, Otorio has found other vulnerabilities in access control products and has developed an OSDP assessment tool that it plans to release as open source in the future.