Fuzzing beyond memory corruption: Finding broader classes of vulnerabilities automatically
Sept. 8, 2022, 4 p.m. | Google (noreply@blogger.com)
Google Online Security Blog security.googleblog.com
Recently, OSS-Fuzz—our community fuzzing service that regularly checks 700 critical open source projects for bugs—detected a serious vulnerability (CVE-2022-3008): a bug in the TinyGLTF project that could have allowed attackers to execute malicious code in projects using TinyGLTF as a dependency.
The bug was soon patched, but the wider significance remains: OSS-Fuzz caught a trivially exploitable command injection vulnerability. This discovery shows that fuzzing …