Latest Security News
Security Updates
Latest security news and articles covering recent vulnerabilities and their impacts.
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH
2025-09-27 12:38
Seclists.org
1 CVE
Posted by Demi Marie Obenour on Sep 27: You are definitely correct about 99.99% of users, but my work aims to protect the 0.01%. The people who have a legitimate reason to believe that a nation-state actor really is out to get them. Specifically, I work on Spe…
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH
2025-09-27 12:11
Seclists.org
1 CVE
Posted by Demi Marie Obenour on Sep 27: What about attackers trying to escape VMs? At some point the hardware might actually become the weakest link. Is there something about Rowhammer specifically that makes it an unattractive attack, even for nation-state att…
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH
2025-09-27 11:57
Seclists.org
1 CVE
Posted by Peter Gutmann on Sep 27: Jacob Bachmeyer writes: It depends on what you mean by "failed". Rowhammer is an attack that no (real-life) attacker has ever used, and no real-life attacker will ever use, because there are about, oh, six million much easier…
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH
2025-09-27 11:43
Seclists.org
1 CVE
Posted by Jacob Bachmeyer on Sep 27: Unless I misunderstood the paper on a first reading, that proof is only an upper bound on row activations before mitigations are applied. That says *nothing* about actually preventing bit-flips. In particular, the possib…
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH
2025-09-27 11:35
Seclists.org
1 CVE
Posted by Demi Marie Obenour on Sep 27: Have any of them had a proof of correctness? MOAT at least claims to, and if that proof is correct, then either it is secure or one of the assumptions it is based on is invalid. ASLR is an awesome mitigation. It definite…
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH
2025-09-27 11:33
Seclists.org
1 CVE
Posted by Jacob Bachmeyer on Sep 27: I am somewhat skeptical about this, simply because there have been many "proper solutions" to Rowhammer that have thus far failed. You suspect that ASLR is generally provably useless? "Sliding" the stack is the same basi…
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH
2025-09-26 14:56
Seclists.org
1 CVE
Posted by Demi Marie Obenour on Sep 26: I don't know that it can be. See https://arxiv.org/pdf/2407.09995 for the proper solution: store a per-row activation counter alongside the row itself, and when any row in a bank exceeds the threshold, take action. I su…
Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035)
2025-09-26 14:40
Help Net Security
1 CVE
CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch was released on September 15, 2025. Evidence of in-the-wild exploitation revealed On …
Hackers exploit Fortra GoAnywhere flaw before public alert
2025-09-26 14:35
Securityaffairs.com
1 CVE
watchTowr Labs says hackers exploited the Fortra GoAnywhere MFT flaw CVE-2025-10035 on Sept 10, 2025, a week before public disclosure. Cybersecurity firm watchTowr Labs revealed that it has ‘credible evidence’ that the critical Fortra GoAnywhere MFT flaw CVE-…
Maximum severity GoAnywhere MFT flaw exploited as zero day
2025-09-26 13:50
BleepingComputer
1 CVE
Hackers are actively exploiting a maximum severity vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT that allows injecting commands remotely without authentication. [...]
GreenboneOS: CVSS 10 in Fortra GoAnywhere MFT – Patch Now!
2025-09-26 11:12
Greenbone.net
1 CVE
CVE-2025-10035 (CVSS 10.0) is a new critical severity vulnerability in Fortra GoAnywhere MFT (Managed File Transfer). This maximum-risk CVE could provide attackers with unauthenticated remote command execution (RCE). All users should patch with urgency. GoAny…
libtiff 4.7.0: Out-of-Bounds Write in TIFFReadRGBAImageOriented() (CVE-2025-9900)
2025-09-26 10:27
Seclists.org
1 CVE
Posted by Christian Hoffmann on Sep 26: Hi, on 2025-09-23 CVE-2025-9900 was published for libtiff 4.7.0 and it seems to have gained some traction due to the potential risk of code execution via malicious TIFF files. I was wondering about the real world criti…
Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day
2025-09-26 08:49
Securityweek.com
1 CVE
Eight days before patches, a threat actor exploited CVE-2025-10035 as a zero-day to create a backdoor admin account.
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH
2025-09-26 02:38
Seclists.org
1 CVE
Posted by Jacob Bachmeyer on Sep 25: First, that does absolutely nothing for current hardware. Declaring all (or almost all) current hardware e-waste is severely environmentally irresponsible if it can possibly be avoided. Second, I had expected ECC to "kill…
SEC Consult SA-20250925-0 :: Multiple Vulnerabilities in iMonitorSoft EAM employee monitoring #CVE-2025-10540 #CVE-2025-10541 #CVE-2025-10542
2025-09-25 22:49
Seclists.org
1 CVE
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 25: SEC Consult Vulnerability Lab Security Advisory. title: Multiple Vulnerabilities; product: iMonitorSoft EAM; vulnerabl…
SEC Consult SA-20250923-0 :: Missing Certificate Validation leading to RCE in CleverControl employee monitoring software #CVE-2025-10548
2025-09-25 22:49
Seclists.org
1 CVE
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 25: SEC Consult Vulnerability Lab Security Advisory. title: Missing Certificate Validation leading to RCE; product: Clever…
Re: Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH
2025-09-25 22:27
Seclists.org
1 CVE
Posted by Demi Marie Obenour on Sep 25: What about hardware fixes? Those will take a long time to roll out but hopefully they can be 100% effective. One idea I had is to add physical guard pages between uses of memory for different purposes.
As many as 2 million Cisco devices affected by actively exploited 0-day
2025-09-25 18:14
Biztoc.com
1 CVE
As many as 2 million Cisco devices are susceptible to an actively exploited zero-day that can remotely crash or execute code on vulnerable systems. Cisco said Wednesday that the vulnerability, tracked as CVE-2025-20352, was present in all supported versions o…
Re: CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools
2025-09-25 16:47
Seclists.org
1 CVE
Posted by VMware PSIRT on Sep 25: Hi Alexander, We somehow missed your previous e-mail. Thank you for reviving this thread. Please see our responses below: unexpected symlinks in file paths" - is implemented by calling realpath() (or a Windows function on th…
Cisco fixes IOS/IOS XE zero-day exploited by attackers (CVE-2025-20352)
2025-09-25 10:41
Help Net Security
1 CVE
Cisco has fixed 14 vulnerabilities in IOS and IOS XE software, among them CVE-2025-20352, a high-severity vulnerability that has been exploited in zero-day attacks. About CVE-2025-20352 Cisco IOS software can be found on older models of Cisco Catalyst switche…