Securing Your Domain with CAA Records: Prevent Unauthorized Certificate Issuance

You may have seen a recent post by WatchTowr titled We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI. The TLDR is that WatchTowr Labs discovered a major vulnerability in the .MOBI TLD by purchasing an expired WHOIS server domain for $20, allowing them to control WHOIS queries. They found that many systems, including Certificate Authorities (CAs) responsible for issuing TLS/SSL certificates, were querying this outdated WHOIS server, which enabled WatchTowr to spoof domain ownership information, namely emails....

September 25, 2024 · 6 min · Jonathan Styles

New Class Of Vulnerabilities Discovered (April Fools)

April Fools! This blog post is a joke and does not represent real research. We hope you enjoyed it! In collaboration with the NIST, CISA and The University of South Florida I am pleased to announce research regarding a new class of vulnerability called Remote Bankruptcy Exploits (RBE). Overview The RBE vulnerability class represents a significant shift in the landscape of cybersecurity threats. Unlike traditional exploits that focus on data theft or system compromise, RBE attacks target the financial stability of startups and small businesses by exploiting the very infrastructure designed to scale their operations....

April 1, 2024 · 2 min · Jonathan Styles