NCC Group Research Home

  • Technical Advisory: PDFTron JavaScript URLs Allowed in WebViewer UI (CVE-2021-39307)

    September 14, 2021 by

    Summary: PDFTron’s WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code. Impact: An attacker could steal a victim’s session tokens, log their keystrokes, steal private data, or perform privileged actions in the context of a victim’s session. Details: JavaScript URLs are…

  • Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly

    September 10, 2021 by

    This is the second blog post in a new code-centric series about selected optimizations found in pairing-based cryptography. Pairing operations are foundational to the BLS Signatures central to Ethereum 2.0, the zero-knowledge arguments underpinning Filecoin, and a wide variety of other emerging applications. While my prior blog series, “Pairing over BLS12-381,” implemented the entire pairing…

  • CertPortal: Building Self-Service Secure S/MIME Provisioning Portal

    September 10, 2021 by

    tl;dr: NCC Group’s Research & Development team designed and built CertPortal, which allows users to create and manage S/MIME certificates, automating the registration and renewal to allow enterprise scale deployment. The core of the system integrates DigiCert to create an S/MIME certificate and then storing both the certificate, the password, creation and expiry dates in…

  • NSA & CISA Kubernetes Security Guidance – A Critical Review

    September 9, 2021 by

    Last month, the United States’ National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report (CTR) detailing the security hardening they recommend be applied to Kubernetes clusters, which is available here. The guidance the document contains is generally reasonable, but there are several points which are either incorrect or…

  • Technical Advisory – New York State Excelsior Pass Vaccine Passport Scanner App Sends Data to a Third Party not Specified in Privacy Policy

    September 1, 2021 by

    Summary: The New York State (NYS) Excelsior scanner app is used by businesses or event venues to scan the QR codes contained in the NYS Excelsior wallet app to verify that an individual has either a negative COVID-19 test or their vaccination status. We have found that some data about the businesses/event venues using the app…

  • Conference Talks – September 2021

    August 31, 2021 by

    This month, members of NCC Group will be presenting their work at the following conferences: Javed Samuel, “Overview of Open-Source Cryptography Vulnerabilities”, to be presented at the International Cryptographic Module Conference 2021 (Virtual – Sept 3 2021); Robert Seacord, “Secure Coding”, to be presented at Auto ISAC Analysts (Virtual – Sept 7 2021); Erik Steringer,…

  • The ABCs of NFC chip security

    August 30, 2021 by

    tl;dr: NFC tags are becoming increasingly common in everyday use cases such as: Public spaces like museums, art galleries or even retail stores in order to provide additional information about an item or product. Inventory management sites use NFC tags on product packaging to update information on its contents. Industrial facilities can use NFC…

  • Disabling Office Macros to Reduce Malware Infections

    August 16, 2021 by

    Category: Reduction/Prevention. Overview: Document macros have gone in and out of style since 1995 as a deployment method for malware. Netskope’s latest ‘Cloud and Threat Report: July 2021 Edition’ points out that in Q2 of 2021, Microsoft Office macros accounted for 43% of malicious Office document downloads, compared to just 20% at the beginning of…

  • Some Musings on Common (eBPF) Linux Tracing Bugs

    August 6, 2021 by

    Having been in the game of auditing kprobe-based tracers for the past couple of years, and in light of this upcoming DEF CON on eBPF tracer race conditions (which you should go watch) being given by a friend of mine from the NYU(-Poly) (OSIR)IS(IS) lab, I figured I would wax poetic on some of the…

  • Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)

    August 5, 2021 by

    Summary: The Pulse Connect Secure appliance suffers from an uncontrolled archive extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in Remote Code Execution as root. This vulnerability is a bypass of the patch for CVE-2020-8260. Impact: Successful exploitation of this issue results in Remote Code Execution on the underlying Operating System with…

  • Technical Advisory – Sunhillo SureLine Unauthenticated OS Command Injection (CVE-2021-36380)

    July 26, 2021 by

    Summary: Sunhillo is an industry leader in surveillance data distribution. The Sunhillo SureLine application contained an unauthenticated operating system (OS) command injection vulnerability that allowed an attacker to execute arbitrary commands with root privileges. This would have allowed for a threat actor to establish an interactive channel, effectively taking control of the target system. Impact…

  • Practical Considerations of Right-to-Repair Legislation

    July 23, 2021 by

    Background: For some time there has been a growing movement amongst consumers who wish to repair their own devices in a cost effective manner, motivated to reduce their expenses, and reduce e-waste. This is becoming ever more difficult to achieve as devices reach ever higher levels of complexity, and include more electronics and firmware. The…

  • Technical Advisory – ICTFAX 7-4 – Indirect Object Reference

    July 22, 2021 by

    Summary: ICTFax is fax to email software maintained by ICTInnovations. In version 7-4 of this product, available through the CentOS software repository, an indirect object reference allows a user of any privilege level to change the password of any other user within the application – including administrators. Impact: Successful exploitation of this vulnerability can allow…
