Ripple20: Multiple Zero Day Vulnerabilities in Treck TCP/IP stack

Treck IP stack implementations for embedded systems are affected by multiple zero-day vulnerabilities. Total 19 vulnerabilities  in a widely used low-level TCP/IP software library developed by Treck, Inc have been discovered by the JSOF research lab, who calls them Ripple20.  Treck TCP/IP Stack  Treck IP network stack is designed for and used in a variety of embedded systems. The software is often licensed and integrated … Continue reading “Ripple20: Multiple Zero Day Vulnerabilities in Treck TCP/IP stack”

BlueBorne: Bluetooth Attack Vector

A new attack vector called ‘BlueBorne‘ has been discovered. The name is a play on the word ‘airborne’ as it allows attackers to take over devices on air-gapped networks. This attack was disclosed by Armis Lab. The vulnerabilities exploited by this attack affects Android, Linux, Windows, and iOS version less than 10. Targets can be compromised regardless of the … Continue reading “BlueBorne: Bluetooth Attack Vector”

Orpheus’ Lyre Vulnerability

The Orpheus’ lyre is a critical vulnerability in the implementation of the Kerberos protocol. The name has its roots in the Greek mythology where Orpheus plays his lyre to put Cerberus to sleep. Cerberus is the three headed dog the guards the entrance to the Underworld. Kerberos is named after Cerberus. Kerberos is heavily used by MS … Continue reading “Orpheus’ Lyre Vulnerability”