

2022-06-17 05:15   Updated: Technical Advisory and Proofs of Concept – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)    #NCC Group Research #Threat Intelligence By Nicolas Bidron, and Nicolas Guigo. [Editor’s note: This is an updated/expanded version of these advisories which we originally published on June 3 2022.] U-boot is a popular boot loader for embedded systems with implementations for a large number of architectures and prominent in most Linux

2022-06-16 16:15   Understanding the Impact of Ransomware on Patient Outcomes – Do We Know Enough?    #NCC Group Research #Threat Intelligence The healthcare sector and ransomware attacks appear together frequently in the media. Since before the start of the pandemic rarely a week goes by without at least one story about a healthcare organisation falling victim to a ransomware attack. We often hear about the financial impact thes

2022-06-16 02:04   Public Report – Threshold ECDSA Cryptography Review    #NCC Group Research #Threat Intelligence In March 2022, DFINITY engaged NCC Group to conduct a security and cryptography review of a threshold ECDSA implementation, which follows a novel approach described in the reference paper entitled “Design and analysis of a distributed ECDSA signing service” and available on the IACR ePri

2022-06-15 04:09   Exception Handling and Data Integrity in Salesforce    #NCC Group Research #Threat Intelligence Robust exception handling is one of the tenets of best practice for development, no matter what the coding language. This blog post explores the curious circumstances in which a developer trying to do the right thing – but without appreciating the full effects – could lead to data integr

2022-06-11 02:29   Technical Advisory – Multiple Vulnerabilities in Trendnet TEW-831DR WiFi Router (CVE-2022-30325, CVE-2022-30326, CVE-2022-30327, CVE-2022-30328, CVE-2022-30329)    #NCC Group Research #Threat Intelligence The Trendnet TEW-831DR WiFi Router was found to have multiple vulnerabilities exposing the owners of the router to potential intrusion of their local WiFi network and possible takeover of the device. Five vulnerabilities were discovered. Below are links to the associated technical advisories: Techni

2022-06-06 22:36   Shining the Light on Black Basta    #NCC Group Research #Threat Intelligence This blog post documents some of the TTPs employed by a threat actor group who were observed deploying Black Basta ransomware during a recent incident response engagement, as well as a breakdown of the executable file which performs the encryption.

2022-06-04 02:50   Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)    #NCC Group Research #Threat Intelligence By Nicolas Bidron, and Nicolas Guigo. U-boot is a popular boot loader for embedded systems with implementations for a large number of architectures and prominent in most Linux based embedded systems such as ChromeOS and Android Devices. Two vulnerabilities were uncovered in the IP Defragmentation al

2022-06-02 21:33   NCC Group’s Jeremy Boone recognized for Highest Quality and Most Eligible Reports through the Intel Circuit Breaker program    #NCC Group Research #Threat Intelligence Congratulations to NCC Group researcher Jeremy Boone, who was recently recognized for both the Highest Quality Report, as well as the Most Eligible Reports, as an invited researcher to the Intel Circuit Breaker program! From Intel: “This exclusive event invited a select group of security resea

2022-06-01 07:59   Conference Talks – June 2022    #NCC Group Research #Threat Intelligence This month, members of NCC Group will be presenting their technical work & training courses at the following conferences: NCC Group, “Training: Mastering Container Security,” to be presented at 44CON (June 13-15 2022) NCC Group, “Training: Google Cloud Platform (GCP) Security R

2022-06-01 04:51   Hardware Security By Design: ESP32 Guidance    #NCC Group Research #Threat Intelligence This discussion focuses on specific configuration details of the ESP32 family of microcontrollers and the recommended best practices associated with those details.

2022-06-01 02:45   Public Report – Lantern and Replica Security Assessment    #NCC Group Research #Threat Intelligence From September 28th through October 23rd, 2020, Lantern – in partnership with the Open Technology Fund – engaged NCC Group to conduct a security assessment of the Lantern client. Lantern provides a proxy in order to circumvent internet censorship. This assessment was open ended and time-

2022-05-31 23:00   NCC Group’s Juan Garrido named to Microsoft’s MSRC Office Security Researcher Leaderboard    #NCC Group Research #Threat Intelligence Congratulations to NCC Group researcher Juan Garrido, who was recently named amongst Microsoft’s most valuable security researchers on the MSRC 2022 Q1 Security Researcher Leaderboard! This honour, recognized quarterly by the Microsoft Researcher Recognition Program, is offered to security res

2022-05-28 03:20   Technical Advisory – FUJITSU CentricStor Control Center    #NCC Group Research #Threat Intelligence On the 6th of April 2022, NCC Group's Fox-IT discovered two separate flaws in FUJITSU CentricStor Control Center V8.1 which allow an attacker to gain remote code execution on the appliance without prior authentication or authorization.

2022-05-27 01:15   Public Report – go-cose Security Assessment    #NCC Group Research #Threat Intelligence In April and May 2022, NCC Group Cryptography Services engaged in a security and cryptography assessment reviewing Microsoft’s contributions to the go-cose library, a Go library implementing signing and verification for CBOR Object Signing and Encryption (COSE), as specified in RFC 8152. This

2022-05-25 02:48   Technical Advisory – SerComm h500s – Authenticated Remote Command Execution (CVE-2021-44080)    #NCC Group Research #Threat Intelligence Current Vendor: SerComm Vendor URL: Systems Affected: SerComm h500s Versions affected: lowi-h500s-v3.4.22 Authors: Diego Gómez Marañón & @rsrdesarrollo CVE Identifier: CVE-2021-44080 Risk: 6.6(Medium)- AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Summary The h500s is a router devi