Crypton - Library Consisting Of Explanation And Implementation Of All The Existing Attacks On Various Encryption Systems, Digital Signatures, Hashing Algorithms

Crypton is an educational library to learn and practice Offensive and Defensive Cryptography. It is basically a collection of explanation and implementation of all the existing vulnerabilities and attacks on various Encryption Systems Symmetric and Asymmetric, Digital Signatures, Message...

Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability Affecting Cisco Products: August 2018

On August 14, 2018, the Vulnerability Coordination team of the National Cyber Security Centre of Finland NCSC-FI and the CERT Coordination Center CERT/CC disclosed a vulnerability in the IP stack that is used by the Linux Kernel. This vulnerability is publicly known as FragmentSmack. The...

Can search extensions keep your searches private?

One of the most common things most of us do on the Internet is search, whether we are looking up the price of the latest gadget or we need to find the address of that great restaurant recommended by a friend. The dizzying number of Google search queries per second more than 40,000, on average tel...

Hashcat v4.2.1 - World's Fastest and Most Advanced Password Recovery Utility

hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable...

Security Bulletin: IBM Cloud Manager with OpenStack is affected by GSKit

Summary Multiple security vulnerabilities have been identified in GSKit and GSKit-Crypto that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denia...

Design/Logic Flaw

IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859...

CVE-2017-1366

CVE-2017-1366 affects IBM Security Identity Governance Virtual Appliance (IGI) 5.2 through 5.2.3.2, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The issue is tied to IGI’s deployment and crypto handling, with IBM noting a rem...

CVE-2017-1366

IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859...

Pip3Line - The Swiss Army Knife Of Byte Manipulation

Pip3line is a raw bytes manipulation utility, able to apply well known and less well known transformations from anywhere to anywhere almost. Its main usefulness lies in pentesting and reverse-engineering / binary analysis purposes. Current transformations list include classic decoders such as...

Ubuntu 14.04 LTS : Bouncy Castle vulnerabilities (USN-3727-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3727-1 advisory. It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive...

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities

Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to multiple security vulnerabilities. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 included in this release ...

Security Bulletin : Multiple vulnerabilities in IBM GSKit affect IBM Host On-Demand.

Summary GSKit is an IBM component that is used by Host On-Demand. GSKit that is shipped with Host On-Demand contains multiple security vulnerabilities .Host On-Demand has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2018-1426 DESCRIPTION:IBM GSKit duplicates the PRNG state acros...

USN-3727-1 bouncycastle vulnerabilities

It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive information, including private keys...

USN-3727-1: Bouncy Castle vulnerabilities

It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive information, including private keys...

Gandcrab Ransomware Puts Pinch On Victims

ARCHIVED STORY GandCrab Ransomware Puts the Pinch on Victims By Alexandre Mundo · July 31, 2018 Update: On August 9 we added our analysis of Versions 4.2.1 and 4.3. The GandCrab ransomware first appeared in January and has been updated rapidly during its short life. It is the leading ransomware...

ARE YOU LEAVING YOUR SECURITY BACKDOOR OPEN?

Gartner predicts that enterprises will spend $96 Billion on cyber security this year, up 8% from their spend in 2017. That's a big chunk of change. To put it into context, that spend is in the same ballpark as the individual GDPs of Venezuela, Sri Lanka and Puerto Rico in 2018. Despite this,...

Code injection

IBM Sterling B2B Integrator Standard Edition IBM Sterling File Gateway 2.2.0 through 2.2.6 uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032...

CVE-2017-1575

IBM Sterling B2B Integrator Standard Edition IBM Sterling File Gateway 2.2.0 through 2.2.6 uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032...

CVE-2017-1575

CVE-2017-1575 affects IBM Sterling File Gateway (IBM Sterling B2B Integrator Standard Edition) 2.2.0–2.2.6. Root cause: use of weaker cryptographic algorithms enabling a local attacker to decrypt highly sensitive information. Impact: information disclosure with local access (C/H). Remediation: ap...

CVE-2017-1575

IBM Sterling B2B Integrator Standard Edition IBM Sterling File Gateway 2.2.0 through 2.2.6 uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032...